coming from a FreeBSD and PF background, I know there's a simple rule in PF which will dynamically add an IP address to a blacklist if it exceeds a certain threshold and then blocks them.
Using a CentOS 8.2 and firewalld, I am able to find documentation that talks about creating an 'ipset' and blocking it, I am also able to find rules to limit the rate of connection. But I can't seem to find a document that talks of putting them both dynamically.
What I want to achieve is this, if my machine gets hit by an IP address more than 3 times/minute I want to push these IPs to an ipset and block the entire set dynamically on the fly. Some solutions provided are lengthy, some use Fail2ban etc, but is there a simpler, more direct and efficient way of doing it like PF does.
Thanks,