There are plenty of tools to prevent brute force attacks to mail and ssh servers, however, those tools ( at least the ones I tried ) are quite reactive by blocking IP addresses after a few given failed login attempts which often come from different sets of addresses, making such kind of attacks harder to block.

To overcome this issue I felt the need to develop a script that takes publicly referenced IP addresses from blocklist.de and blocks them in the firewall before they even try to attack the server, acting in a more preventive way instead of reacting to a given set of events.

IPBL is still a project in development which I intend to improve in order to automate the ip blocking at the maximum, further objectives goes by creating an install script which creates a systemd timer or service ( yet to find the best way to do it ) that runs the script every given amount of time, e.g every 8 hours, in order to keep the blacklist updated by removing unlisted ips and adding new ips and a config file that allows costumization of the script behavior.

If you like the project and want to contribute either with coding or suggestions feel free to open an issue or a pull request in the script Github repo which is available at:

https://github.com/cfcolaco/IPBL