How to ban IP after failed login attempts?

Hello,

I just switched to TrueNAS SCALE Dragonfish and I was using it to back up my Synology NAS, but the rsync service is gone and I had to use rsync over SSH, which opened the server to the internet, and the server started getting attacked by 2 bots. I’ve blocked all incoming connections and just opened the one for VPN, and now it’s ok, but is there a way in TrueNAS SCALE to ban IPs after, let’s say, 3 login attempts in 5 minutes? I haven’t found such functionality.

How?

1 Like

How what :slight_smile: ? I enabled the SSH service because I need it for Synology Hyper Backup to back things up to TrueNAS using rsync over SSH. And I got mails that two IPs are trying around 2500 times to log in through SSH with the root username (I have that one disabled, of course).

How does enabling the SSH service expose your TrueNAS server to the internet?

Poor choice of words on my part :slight_smile: it was exposed before, but there were no hacking/login attempts; I guess the bots are scanning SSH only.

Why do you have your TrueNAS server exposed to the internet? :flushed:

This is a bigger issue than trying to find a way to ban specific outside IP addresses…

1 Like

I use it for cold storage offsite; anyway, we are getting off topic :slight_smile: Now the server is behind a firewall blocking everything besides the VPN. But is there a simple way to block IPs after failed login attempts? That’s my question :slight_smile: .

Hey, Welcome to the forums.

Within System, Services, select Edit on SSH, click Advanced, and within Auxiliary Parameters you can enter:

DenyUsers *@IPAddress

Then restart the service.

I would strongly recommend using key exchange and not password auth.
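One way to get the automatic behaviour the question asks for, as an added example that is not from this thread or from TrueNAS: a Python script that counts "Failed password" lines per source IP in a sliding 5-minute window and prints DenyUsers lines in the format above for any IP that hits the 3-attempts threshold. The log lines are constructed for the example, the syslog-style line format and the year are assumptions, and the output still has to be placed into Auxiliary Parameters by hand.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the original thread).
SAMPLE_LOG = """\
May 10 10:00:01 truenas sshd[1201]: Failed password for invalid user root from 203.0.113.7 port 51000 ssh2
May 10 10:01:15 truenas sshd[1205]: Failed password for invalid user root from 203.0.113.7 port 51001 ssh2
May 10 10:02:30 truenas sshd[1210]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
May 10 10:03:00 truenas sshd[1212]: Accepted publickey for backup from 192.0.2.10 port 40000 ssh2
May 10 10:03:10 truenas sshd[1215]: Failed password for invalid user root from 198.51.100.9 port 60000 ssh2
May 10 10:20:00 truenas sshd[1220]: Failed password for invalid user root from 198.51.100.9 port 60001 ssh2
May 10 10:40:00 truenas sshd[1225]: Failed password for invalid user root from 198.51.100.9 port 60002 ssh2
"""
# Assumed syslog-style sshd line layout: "<Mon> <day> <time> <host> sshd[pid]: Failed password ... from <ip> port ..."
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port"
)

def parse_failures(log_text, year=2024):
    # Return (timestamp, ip) for every failed-password line; other lines are ignored.
    # Syslog timestamps carry no year, so the year is an assumed parameter.
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"]))
    return events

def offenders(events, threshold=3, window_minutes=5):
    # IPs with at least `threshold` failures inside any sliding window of `window_minutes`.
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return sorted(flagged)

def deny_users_lines(ips):
    # Render the sshd_config pattern from the post above, one line per offending IP.
    return [f"DenyUsers *@{ip}" for ip in ips]
```

Run it as `print("\n".join(deny_users_lines(offenders(parse_failures(SAMPLE_LOG)))))`; the slow 198.51.100.9 source (one attempt every 15-20 minutes) is deliberately left unflagged to show that the window matters as much as the count.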

Thanks, but I was looking for something automatic. Keys are fine, but they don’t work with Synology though. Anyway, as I said, the firewall denies every incoming connection now, so it’s fine.

Ah ok. You could create a feature request to have something like Fail2Ban built in. Then let’s see how many other community users would like it by voting.

iX has already rejected a firewall suggestion, and Fail2ban would be on top of a firewall, I’d think. “Don’t expose your NAS to the Internet” is the answer.

3 Likes

Good thing that you’re using a VPN now, which should help a lot. Opening a local system to the internet without a VPN sounds kind of scary to me.

What kind of router are you using? I am running OPNsense on a mini PC, and it includes optional plugins to help with such attacks, e.g. a plugin for CrowdSec. Obviously that’s not going to be as granular as a local lockout, but frequently these bots are scanning lots of systems and should be caught by something like CrowdSec eventually. Of course OPNsense is not the only router OS that has that feature. There is the more (in-)famous pfSense and others as well.

As I said, this is offsite, so it’s just an Asus AX92U router; I can’t flash it with custom firmware, so I just used the router to block all incoming IPv4 connections. And it’s my parents’ home, so I can’t mess too much with it :grinning:

But you don’t necessarily need to open the port on your parents’ router. You could establish the VPN connection as a permanent connection from your parents’ LAN to your router with the VPN server running on your side.

Or alternatively use something like Tailscale, which manages all that for you. FWIW, I recently put a small device running Tailscale into the LAN of my mom, so I can print onto the printer on her network. She lives over 6000 miles away, so that’s a quicker way of getting documents to her than mailing them.

Anyway, I’m just throwing out some ideas. You need to see what works for you.

Yeah, there are quite a few ways to do it. I used OpenVPN since it’s compatible with Synology, so I can connect as a client to the offsite. Anyway, the attacks stopped, and it’s not like anything else needs to have incoming access to my parents’ home, so it’s working. Will try it and see if it’s stable, and if not, I will just install Core again, import the settings, delete the pool, recreate it with 6 HDDs, and that will be it :slight_smile: Because it was working flawlessly for 7 years :slight_smile: .