Both firewalls are the best in the industry. Choosing the best one depends on individual and environmental requirements.
I prefer Fail2ban over APF:
By default, fail2ban is configured to work with iptables.
Fail2ban adds a chain to iptables.
We have the flexibility (you can write your own alerts and filters) of configuring fail2ban to have many different actions; this allows it to work with iptables, shorewall, etc.
The service itself is incredibly easy for most users because most of the difficult configuration has been taken care of for you.
The configuration files seem much more organized and by their nature seem to allow more flexibility.
However, when you deviate from the standard configuration, it is helpful to know how fail2ban functions in order to manipulate its behavior in a predictable way.
Specify path to any log file (apache, ssh, nginx, mail server, ...).
Specify regex for attack patterns (e.g., more than 10 "404 errors" by the same IP on nginx access log in 6 seconds).
Specify regex to ignore certain patterns (very useful!)
Specify ban time
Send an email (or any other alert...)
Note: Please do take time researching what's best for your environment, as all the updates will be based on the exposure and customization for our environment.
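
The five settings listed above (log path, attack regex, ignore regex, ban time, email alert), put together for the nginx 404 case as an added example that is not part of the original post. The jail name `nginx-404`, the log path, the ignored URLs, the ban time and the e-mail addresses are assumptions; the regex assumes nginx's default "combined" access log format.

```ini
# ---- /etc/fail2ban/filter.d/nginx-404.conf (hypothetical filter name) ----
[Definition]
# fail2ban cuts the timestamp out of the line before matching,
# which is why the brackets below are empty: \[\]
# <HOST> captures the client address that will be banned.
failregex = ^<HOST> - \S+ \[\] "[^"]*" 404 

# Lines matching this are never counted, even if failregex matches.
# Here: browsers and crawlers probing for files the site does not serve.
ignoreregex = "(GET|HEAD) /(favicon\.ico|robots\.txt) 

# ---- /etc/fail2ban/jail.local ----
[nginx-404]
enabled  = true
filter   = nginx-404
port     = http,https

# Log file to watch (assumed default nginx location).
logpath  = /var/log/nginx/access.log

# Ban once an address reaches 10 matching lines within 6 seconds.
maxretry = 10
findtime = 6

# Ban duration in seconds (constructed value: one hour).
bantime  = 3600

# Addresses that must never be banned (loopback here; add your
# monitoring hosts and office ranges).
ignoreip = 127.0.0.1/8 ::1

# Ban and send a mail with whois data and the matching log lines.
# action_mwl is defined in the stock jail.conf.
destemail = admin@example.com
sender    = fail2ban@example.com
action    = %(action_mwl)s
```

Before enabling the jail, run `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-404.conf` to confirm the filter matches the lines you expect and that the ignore pattern excludes the rest.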