Wait, what exactly is the difference between fail2ban and RF? I know that RF blocks clients after it doesn’t see them registered after sending 10 packets, and fail2ban blocks them after certain unsuccessful registration attempts. But why not just have a port open and have just fail2ban running? How would it be less secure than for example somebody’s gmail account, where it is open to the public, and certain number of login attempts are allowed? Sorry if I’m missing something here, but would really appreciate your guys advise.
Again, in a setting where a SIP port is open with a fail2ban with only 3 attempts allowed, wouldn’t it be pretty secure? Or are there some other security risks other than password attacks?