
Reply To: Brute force prevention by IP address


If it's just one nuisance IP address or range you could manually use iptables to DROP all traffic from the IP/range.

Very handy. I tried to install ipset to streamline this but it’s not part of the opkg list.

In the end I hacked fail2ban into working. It’s not an ideal hack, but nonetheless 24 hours later it has banned 63 IP addresses!

Interestingly, very few are in the same subnet. There are three in 61.177.172.0/24, two in 103.207.37.0/24, two in 123.31.0.0/16 and two in 193.201.224.0/24. I think the rest are unique, so there’s probably not much value in risking a false positive with entire classes. Not sure if there’s a performance hit having so many to check.

Also of interest, instead of -j DROP, fail2ban uses -j REJECT --reject-with icmp-port-unreachable by default. I guess that’s more likely to discourage future attempts?

Would love to see some improvements to or configuration of the built-in brute-force prevention, or even a supported fail2ban package. It was pretty maddening even trying to figure out which distribution mLinux was closest to, to get fail2ban to play ball. Each fail2ban package relies on so many packages that turned out to be unavailable that I ended up just disabling large sections of functionality just to get it to run.
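An added example, not part of the original post: a Python sketch of the subnet question raised above. It groups a ban list by /24, emits one subnet rule only where enough banned hosts share a prefix, and reports how many never-banned addresses that rule would also block. The sample addresses are constructed (RFC 5737 documentation ranges), and the function names, the INPUT chain and the threshold of three are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample ban list (documentation ranges), with one malformed
# line and one duplicate, as a hand-collected list might contain.
BANNED = ["192.0.2.10", "192.0.2.77", "192.0.2.201", "198.51.100.5",
          "198.51.100.9", "203.0.113.44", "not-an-ip", "192.0.2.10"]

def group_by_prefix(addresses, prefix_len=24):
    """Map each covering IPv4 network to the set of banned hosts in it."""
    groups = defaultdict(set)
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # skip malformed entries
        if ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            groups[net].add(ip)
    return dict(groups)

def plan_rules(addresses, prefix_len=24, min_hosts=3, target="DROP"):
    """One rule per subnet holding >= min_hosts banned hosts, else per host."""
    rules = []
    groups = group_by_prefix(addresses, prefix_len)
    for net in sorted(groups):
        hosts = groups[net]
        sources = [net] if len(hosts) >= min_hosts else sorted(hosts)
        rules += [f"iptables -A INPUT -s {src} -j {target}" for src in sources]
    return rules

def collateral(addresses, prefix_len=24, min_hosts=3):
    """For each subnet that would be blocked whole, count the addresses
    covered by the rule that were never banned (false-positive exposure)."""
    groups = group_by_prefix(addresses, prefix_len)
    return {str(net): net.num_addresses - len(hosts)
            for net, hosts in groups.items() if len(hosts) >= min_hosts}

if __name__ == "__main__":
    for rule in plan_rules(BANNED):
        print(rule)
    print(collateral(BANNED))
```

Passing target="REJECT --reject-with icmp-port-unreachable" produces rules with the fail2ban default action mentioned above instead of DROP.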

