So this is not a critical problem, and quite frankly it's OK for this to happen.
I'm running mailcow, and in netfilter I notice a few things. It works very well; it's good and it blocks. But I wondered how one would defend against a distributed brute-force attack, like if a botnet tries to guess both username and password from “193.1.234.1” but then tries again with “193.1.234.2”. And if it keeps going like this, it has as many tries as you allow for each IP, which sometimes can be a few or it can be a large amount. The problem is that it's not possible to directly (from what I know) use logic to detect subnet attacks from botnets. So my question is whether there are any ways of mitigating this in terms of security and performance.
As said, this is in a way fixed by the way it bans a subnet from one IP ban, but you know what I mean.
Thank you!
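
A sketch of the per-network counting the question asks about, as an added example that is not part of the original post and is not mailcow's netfilter code: failed logins are counted per /24 (IPv4) or /64 (IPv6) in a sliding window instead of per address. The class, thresholds and prefix lengths are assumptions, and the sample events are constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed failed-login events (unix_time, source_ip); documentation ranges only.
SAMPLE_FAILURES = (
    [(t * 10, f"192.0.2.{t + 1}") for t in range(6)]            # 6 hosts, one try each
    + [(5, "198.51.100.7"), (15, "198.51.100.7")]               # one user, two typos
    + [(100 + i * 10, f"2001:db8:1::{i + 10:x}") for i in range(5)]  # IPv6, same /64
    + [(t * 700, f"203.0.113.{t + 1}") for t in range(5)]       # slower than the window
)


class SubnetFailureTracker:
    """Sliding-window count of failed logins per network, not per address."""

    def __init__(self, max_attempts=5, window=600, v4_prefix=24, v6_prefix=64):
        self.max_attempts, self.window = max_attempts, window
        self.v4_prefix, self.v6_prefix = v4_prefix, v6_prefix
        self.events = defaultdict(deque)  # network -> timestamps of recent failures

    def network_of(self, ip):
        addr = ipaddress.ip_address(ip)
        prefix = self.v4_prefix if addr.version == 4 else self.v6_prefix
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def record_failure(self, ts, ip):
        """Return the network to ban once it reaches max_attempts, else None."""
        net = self.network_of(ip)
        recent = self.events[net]
        recent.append(ts)
        while recent[0] <= ts - self.window:  # drop failures older than the window
            recent.popleft()
        return net if len(recent) >= self.max_attempts else None


def networks_to_ban(failures, **settings):
    tracker = SubnetFailureTracker(**settings)
    banned = set()
    for ts, ip in sorted(failures):
        net = tracker.record_failure(ts, ip)
        if net is not None:
            banned.add(str(net))
    return sorted(banned)


if __name__ == "__main__":
    print(networks_to_ban(SAMPLE_FAILURES))                              # per network
    print(networks_to_ban(SAMPLE_FAILURES, v4_prefix=32, v6_prefix=128)) # per address
```

Wider prefixes catch more spread-out sources but also ban every legitimate user behind the same network, and the 203.0.113.x events show that attempts paced slower than the window are not counted together.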