From 6765dba3e4d2374f42acacd48eb6056b41fbe735 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Wed, 16 Jul 2025 16:59:29 +0200
Subject: [PATCH] Ban another scanner trying to connect via SSH
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It is constantly spamming out logs:

apex# journalctl | grep 'Connection closed by 84.88.52.176' | wc -l
2255

Reviewed-by: Aleix Boné <abonerib@bsc.es>
---
 m/apex/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/m/apex/configuration.nix b/m/apex/configuration.nix
index 59f21d71..540e5077 100644
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -70,6 +70,8 @@
       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
       # logs. Insert as first position so we also protect SSH.
       iptables -I nixos-fw 1 -p tcp -s 192.168.8.16 -j nixos-fw-refuse
+      # Same with opsmonweb01.bsc.es which seems to be trying to access via SSH
+      iptables -I nixos-fw 2 -p tcp -s 84.88.52.176 -j nixos-fw-refuse
     '';
   };