I have been developing a web app living in DO's managed Kubernetes, and am researching the best way to blacklist Internet-ingressed hosts that are an issue. For example, I flag a host as making too many bad authentication attempts. In a VPS-hosted environment I would typically do something like run a fail2ban service and let iptables block the hosts based on the fail2ban policies I enable.
In my Kubernetes environment, I have proxy protocol working well, so I can identify hosts that are an issue. What is the best way to actually block those hosts? Is this something I can leverage Cilium Network Policies for, or is there a way to interface with the host system’s iptables?
I am looking for a way I can dynamically (i.e. without a pod/svc restart) block or permit certain hosts at the network layer.
Any help is appreciated. Thanks!
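One way to get the fail2ban-style workflow the question describes onto Cilium, as an added example that is not part of the original post: count failed logins per client address from the app's own logs (the address recovered from the PROXY protocol header), and when a client crosses a threshold, emit a CiliumNetworkPolicy (cilium.io/v2, `ingressDeny` with `fromCIDR`, available since Cilium 1.9) that can be re-applied with `kubectl apply -f -` as often as the ban list changes, with no pod or service restart. The log format, the threshold, the `app=web` pod label and the policy name are assumptions for the example. One caveat to check first: a pod-level CIDR policy matches the source address of the packets the pod actually receives, so if the load balancer rewrites the source and the real client address only travels in the PROXY header, this policy sees the load balancer's address and the block has to happen at the ingress controller or in the app instead; the script is only useful where the client address survives to the pod.

```python
"""Added example: turn per-client auth-failure counts into a Cilium deny policy.

Not code from the original post. It assumes the app logs the client address it
recovered from the PROXY protocol header in lines shaped like SAMPLE_LOG below,
and that the web pods carry the label app=web.
"""
import ipaddress
import json
import re
from collections import Counter

# Constructed sample log lines (TEST-NET / documentation addresses), as the app
# might emit them after parsing the PROXY protocol header.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=203.0.113.7 event=auth_failed user=admin
2024-05-01T10:00:02Z client=203.0.113.7 event=auth_failed user=root
2024-05-01T10:00:03Z client=198.51.100.9 event=auth_ok user=alice
2024-05-01T10:00:04Z client=203.0.113.7 event=auth_failed user=admin
2024-05-01T10:00:05Z client=2001:db8::1 event=auth_failed user=admin
2024-05-01T10:00:06Z client=203.0.113.7 event=auth_failed user=test
2024-05-01T10:00:07Z client=not-an-ip event=auth_failed user=admin
"""

LINE_RE = re.compile(r"client=(?P<client>\S+)\s+event=(?P<event>\S+)")


def count_auth_failures(log_text):
    """Return {ip_address: failed-auth count}; lines with a bad address are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("event") != "auth_failed":
            continue
        try:
            ip = ipaddress.ip_address(m.group("client"))
        except ValueError:
            continue  # garbage in the client field must never reach the policy
        counts[ip] += 1
    return dict(counts)


def offenders(counts, threshold):
    """Addresses at or above the threshold as host CIDRs (/32 or /128), v4 first."""
    hits = [ip for ip, n in counts.items() if n >= threshold]
    hits.sort(key=lambda ip: (ip.version, ip))  # v4 and v6 objects do not compare
    return [f"{ip}/{ip.max_prefixlen}" for ip in hits]


def build_deny_policy(banned_cidrs, name="deny-banned-clients",
                      namespace="default", pod_labels=None):
    """Build a CiliumNetworkPolicy that denies ingress from the given CIDRs.

    Edge case: an ingressDeny rule with no selectors (which is what an empty
    fromCIDR list amounts to) matches every source, i.e. a deny-all, so when
    nothing is banned the ingressDeny section is left out entirely.
    The allow-all ingress rule is there because a policy that selects the pods
    puts them into ingress default-deny; deny rules take precedence over allow
    rules in Cilium, so the ban still wins. Drop it if other policies already
    allow the traffic you want.
    """
    spec = {
        "endpointSelector": {"matchLabels": pod_labels or {"app": "web"}},
        "ingress": [{"fromEntities": ["all"]}],
    }
    if banned_cidrs:
        spec["ingressDeny"] = [{"fromCIDR": list(banned_cidrs)}]
    return {
        "apiVersion": "cilium.io/v2",
        "kind": "CiliumNetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": spec,
    }


def render_policy(log_text, threshold=3):
    """JSON manifest (valid YAML) for `kubectl apply -f -`."""
    banned = offenders(count_auth_failures(log_text), threshold)
    return json.dumps(build_deny_policy(banned), indent=2)


if __name__ == "__main__":
    # Re-applying the manifest updates the existing policy object in place;
    # Cilium picks up the new CIDR list without restarting the pods.
    print(render_policy(SAMPLE_LOG))
```

Run it periodically (a CronJob with a ServiceAccount allowed to update `ciliumnetworkpolicies` in the app's namespace is the natural fit) and pipe the output to `kubectl apply -f -`; to unban a client, let its counter age out of the log window and re-apply, which removes the CIDR from the policy.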