The VM's are setup for remote syslog to 44.98.254.129.
+
+
Fail2ban is configured to nullroute IPs and email the admin contact after 2 bad logins. As it's done with a nullroute, fail2ban can run on the hypervisor and will catch login attempts on the VM's. This means if you get locked out via fail2ban, you're locked out of all VMs.
+
+
There is a firewall configured at /etc/network/firewall.sh. Note this protects the hypervisor (INPUT) and to the 44net subnet (FORWARD). By default everything is blocked to the external interface and new services must be added to allow them out.