I have a file of blacklisted IPs that fail2ban loads into iptables when fail2ban starts.
Suppose the initial list looks like this at startup:

    Chain fail2ban-ip-blacklist (1 references)
    target     prot opt source               destination
    DROP       all  --  120.25.68.125        0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    Chain fail2ban-wordress (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Why, after startup, do I get a notification in my log that 120.25.68.125 has been banned, and when I look at the iptables state again I see this:

    Chain fail2ban-ip-blacklist (1 references)
    target     prot opt source               destination
    DROP       all  --  120.25.68.125        0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    Chain fail2ban-wordress (1 references)
    target     prot opt source               destination
    REJECT     all  --  120.25.68.125        0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Shouldn't the IP 120.25.68.125 already be blocked, with no need to re-join the ban list? Why is traffic from 120.25.68.125 being rejected?
iptables output:

    Chain INPUT (policy ACCEPT 1393 packets, 164K bytes)
     pkts bytes target                  prot opt in     out     source               destination
     1401  164K fail2ban-wordpress      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
     1410  165K fail2ban-repeatoffender all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target                  prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 1207 packets, 1786K bytes)
     pkts bytes target                  prot opt in     out     source               destination

    Chain fail2ban-repeatoffender (1 references)
     pkts bytes target                  prot opt in     out     source               destination
        0     0 DROP                    all  --  *      *       120.25.68.125        0.0.0.0/0

    Chain fail2ban-wordpress (1 references)
     pkts bytes target                  prot opt in     out     source               destination
     1401  164K RETURN                  all  --  *      *       0.0.0.0/0            0.0.0.0/0
You need to swap the order of the fail2ban-wordpress and fail2ban-repeatoffender rules in the INPUT chain.
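As an added check (example code, not part of the answer above), this POSIX shell snippet parses a constructed `iptables -nvL INPUT` listing that mirrors the one in the question, reports whether the repeat-offender jump is consulted before the jail jump, and prints the two `iptables` commands that would move it to the top of INPUT.

```shell
#!/bin/sh
# Added example: verify jump order in INPUT from an iptables -nvL listing.
# SAMPLE_INPUT is constructed to match the INPUT chain shown in the question.
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 1393 packets, 164K bytes)
 pkts bytes target                  prot opt in     out     source               destination
 1401  164K fail2ban-wordpress      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
 1410  165K fail2ban-repeatoffender all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# rule_position LISTING TARGET: print the 1-based rule number of the first
# rule whose target column is TARGET (column 3 in -nvL output), or nothing.
rule_position() {
    printf '%s\n' "$1" | awk -v t="$2" '
        /^Chain /     { n = 0; next }   # chain header resets the counter
        $1 == "pkts"  { next }          # column header line
        NF == 0       { next }
        { n++; if ($3 == t) { print n; exit } }'
}

# blacklist_first LISTING BLACKLIST_CHAIN JAIL_CHAIN: succeed (exit 0) only
# when the blacklist chain is jumped to before the jail chain.
blacklist_first() {
    bl=$(rule_position "$1" "$2")
    jail=$(rule_position "$1" "$3")
    [ -n "$bl" ] && [ -n "$jail" ] && [ "$bl" -lt "$jail" ]
}

# reorder_commands LISTING BLACKLIST_CHAIN: print the commands that delete the
# blacklist jump by rule number and re-insert it at position 1. This assumes
# the jump rule carries no extra matches, as with the "all -- * *" rule above.
reorder_commands() {
    pos=$(rule_position "$1" "$2")
    [ -n "$pos" ] || return 1
    printf 'iptables -D INPUT %s\n' "$pos"
    printf 'iptables -I INPUT 1 -j %s\n' "$2"
}

if blacklist_first "$SAMPLE_INPUT" fail2ban-repeatoffender fail2ban-wordpress; then
    echo "order ok: repeat-offender chain is consulted first"
else
    echo "jail chain is consulted before the repeat-offender chain; to fix:"
    reorder_commands "$SAMPLE_INPUT" fail2ban-repeatoffender
fi
```

On a live host, replace SAMPLE_INPUT with the output of `iptables -nvL INPUT` and review the printed commands before running them.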