服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Fail2Ban添加iptable规则,但他们不工作?
Intereting Posts
将VMware vSphere基础架构replace为开源替代scheme? 三星ML打印机系列打印机服务器驱动程序 PFsense上的反向代理,鱿鱼或其他 检查两个系统的configuration以确定更改 旧版ESXi虚拟机处于只读状态 在Godaddy中使用Amazon Route 53弹性IP与授权设置 GPO启动脚本不能修改HKUregistry? SSD驱动器和RAIDconfiguration与LVM SQL连接速度太慢 Google Apps BCC所有入站和出站电子邮件 我怎样才能configurationApache每个HTTP错误500发送电子邮件 安装与多个SVN的分期 Exchange 2010 Powershell输出每个邮箱权限来分隔文本文件 内部networking的防火墙 将使用ACCEPT然后DROP的特定端口/ IP夫妇允许的IP,但没有其他的端口?

Fail2Ban添加iptable规则,但他们不工作?

Fail2Ban刚刚阻止我的IP进行3次SSH尝试。 它添加了iptables规则,我可以使用“sudo iptables -L -n”命令来查看它。 但我仍然可以访问该网站并通过SSHlogin! 可能是什么问题? 是因为使用CloudFlare吗? 我已经设置Nginx将真实IP写入访问日志,而不是Cloud Flare IP。 这不够吗? 

Chain fail2ban-ssh (1 references) target prot opt source destination DROP all -- 119.235.14.8 0.0.0.0/0 RETURN all -- 0.0.0.0/0 0.0.0.0/0

input链: 

 Chain INPUT (policy DROP) target prot opt source destination fail2ban-NoAuthFailures tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 fail2ban-nginx-dos tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,8090 fail2ban-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465 fail2ban-ssh-ddos tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22 fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22 ufw-before-logging-input all -- 0.0.0.0/0 0.0.0.0/0 ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0 ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0 ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0 ufw-reject-input all -- 0.0.0.0/0 0.0.0.0/0 ufw-track-input all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4

iptables不能得到真正的ip,所以你应该使用cloudflare的api来黑名单上的云IP。

这里是我的动作configuration文件 

 # Fail2Ban configuration file # # Author: Charles Chou # Modified: Norman Yee # fix original cloudflare-blacklist.conf # $Revision$ # [Definition] # Option: actionstart # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # actionstart = # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # actionstop = # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # actioncheck = # Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address # <failures> number of failures # <time> unix timestamp of the ban time # Values: CMD # actionban = curl -s "https://www.cloudflare.com/api.html?a=ban&key=<ip>&u=<account>&tkn=<token>" # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address # <failures> number of failures # <time> unix timestamp of the ban time # Values: CMD # actionunban = curl -s "https://www.cloudflare.com/api.html?a=nul&key=<ip>&u=<account>&tkn=<token>" [Init] # Option: account # Notes.: In the actionban and actionunban sections,replace CLOUDFLARE_LOGIN with your CloudFlare login email # Values: your CloudFlare account # account = [email protected] # Option: token # Notes.: In the actionban and actionunban sections, replace CLOUDFLARE_API_TOKEN with your API key # Values: Your CloudFlare API key # token = Your API key here