我有一个问题得到fail2ban做我想要的。 我使用禁止CLoudFlare IP的行为,这意味着仍然有很多请求会通过,直到Cloudflare的所有内容都被更新(因此用户不再能够访问该站点)。
在此之前,fail2ban试图一次又一次地禁止IP,导致它发送数千(在ddos的情况下)请求cloudflare,这需要很长的时间,因此不会禁止任何其他攻击者,直到完成以前(已经被禁止)的。
那么,有没有办法阻止fail2ban试图再次禁止它们,而忽略它们呢?
#!/bin/bash # Make sure that the ip-blacklist file exists # otherwise we go ahead and create it if [ ! -e "/etc/fail2ban/ip.blacklist" ] ; then touch "/etc/fail2ban/ip.blacklist" fi if [[ $1 = ban ]]; then if ! grep -q "$2" /etc/fail2ban/ip.blacklist; then # Store the IP as we need it later to check if the user is already banned echo "$2" >> /etc/fail2ban/ip.blacklist # Submit the ban request fi elif [[ $1 = unban ]]; then # Remove the IP from the blacklist perl -ni -e "print unless (/^$2$/);" /etc/fail2ban/ip.blacklist #sed -i '/^$2$/d' /etc/fail2ban/ip.blacklist # Submit the unban request fi 考虑创build禁止的IP列表,并在发出禁止请求时向其添加IP。 在动作脚本中,如果IP在列表中,则忽略禁止请求。 您还需要更改unban操作以从禁用的IP列表中删除IP。 创build一个脚本,如下所示:
#!/bin/bash # Define ourbanfile banFile=ip.blacklist # Ensure we have a banFile will be created if missing if [ ! -e ${banFile} ]; then touch ${banFile} fi # Ban or unban as desired if [[ $1 = ban ]]; then if ! grep -q "$2" ${banFile}; then # Store the IP as we need it later to check if the user is already banned echo "$2" >> ${banFile} # Submit the ban request fi elif [[ $1 = unban ]]; then # Remove the IP from the blacklist perl -ni -e "print unless (/^$2\$/);" ${banFile} #sed -i '/^$2$/d' ${banFile} # Submit the unban request fi # Cat banfile if running on terminal (testing) tty -s && cat ${banFile} # EOF
你的行为将是:
actionban = /path/to/script ban <IP> actionunban = /path/to/script unban <IP>