Fail2ban
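Fail2Ban adds iptables rules but they don't work?
Fail2Ban just blocked my IP after 3 SSH attempts. It added an iptables rule, which I can see with the "sudo iptables -L -n" command. But I can still access the site and log in via SSH! What could be the problem? Is it because I am using CloudFlare? I have set up Nginx to write the real IP to the access log instead of the CloudFlare IP. Isn't that enough?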
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    DROP       all  --  119.235.14.8         0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
INPUT chain:
    Chain INPUT (policy DROP)
    target                    prot opt source      destination
    fail2ban-NoAuthFailures   tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:80
    fail2ban-nginx-dos        tcp  --  0.0.0.0/0   0.0.0.0/0   multiport dports 80,8090
    fail2ban-postfix          tcp  --  0.0.0.0/0   0.0.0.0/0   multiport dports 25,465
    fail2ban-ssh-ddos         tcp  --  0.0.0.0/0   0.0.0.0/0   multiport dports 22
    fail2ban-ssh              tcp  --  0.0.0.0/0   0.0.0.0/0   multiport dports 22
    ufw-before-logging-input  all  --  0.0.0.0/0   0.0.0.0/0
    ufw-before-input          all  --  0.0.0.0/0   0.0.0.0/0
    ufw-after-input           all  --  0.0.0.0/0   0.0.0.0/0
    ufw-after-logging-input   all  --  0.0.0.0/0   0.0.0.0/0
    ufw-reject-input          all  --  0.0.0.0/0   0.0.0.0/0
    ufw-track-input           all  --  0.0.0.0/0   0.0.0.0/0
    LOG                       all  --  0.0.0.0/0   0.0.0.0/0   LOG flags 0 level 4
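2019 update: the API usage in the original answer has been deprecated in favor of API v4; please use the new version instead. Fail2ban unban action fails with Cloudflare. Thanks to @baptx for the comment.
iptables cannot get the real IP, so you should use Cloudflare's API to blacklist the IP in the cloud.
Here is my action configuration file: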
    # Fail2Ban configuration file
    #
    # Author: Charles Chou
    # Modified: Norman Yee
    # fix original cloudflare-blacklist.conf
    # $Revision$
    #

    [Definition]

    # Option:  actionstart
    # Notes.:  command executed once at the start of Fail2Ban.
    # Values:  CMD
    #
    actionstart =

    # Option:  actionstop
    # Notes.:  command executed once at the end of Fail2Ban
    # Values:  CMD
    #
    actionstop =

    # Option:  actioncheck
    # Notes.:  command executed once before each actionban command
    # Values:  CMD
    #
    actioncheck =

    # Option:  actionban
    # Notes.:  command executed when banning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    <ip>  IP address
    #          <failures>  number of failures
    #          <time>  unix timestamp of the ban time
    # Values:  CMD
    #
    actionban = curl -s "https://www.cloudflare.com/api.html?a=ban&key=<ip>&u=<account>&tkn=<token>"

    # Option:  actionunban
    # Notes.:  command executed when unbanning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    <ip>  IP address
    #          <failures>  number of failures
    #          <time>  unix timestamp of the ban time
    # Values:  CMD
    #
    actionunban = curl -s "https://www.cloudflare.com/api.html?a=nul&key=<ip>&u=<account>&tkn=<token>"

    [Init]

    # Option:  account
    # Notes.:  In the actionban and actionunban sections, replace CLOUDFLARE_LOGIN with your CloudFlare login email
    # Values:  your CloudFlare account
    #
    account = example@example.com

    # Option:  token
    # Notes.:  In the actionban and actionunban sections, replace CLOUDFLARE_API_TOKEN with your API key
    # Values:  Your CloudFlare API key
    #
    token = Your API key here
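The 2019 update above points to API v4 without showing it. The following is an added sketch of the same action against the v4 IP Access Rules endpoint; it is not part of the original answer. It assumes curl and jq are installed on the Fail2Ban host, reuses the answer's `account` and `token` parameters, and uses a hypothetical file name.

```ini
# Added example, not the answer's file.
# Assumed path: /etc/fail2ban/action.d/cloudflare-v4.conf (hypothetical name)
# Assumes curl and jq are available to the Fail2Ban process.
# This file holds an API key: keep it owned by root with mode 0600.

[Definition]

actionstart =
actionstop =
actioncheck =

# Ban: create a user-level IP Access Rule so <ip> is blocked at the
# Cloudflare edge, before the request is proxied to the origin.
actionban = curl -s -o /dev/null -X POST <_cf_api_prms> \
            -d '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2Ban <name>"}' \
            <_cf_api_url>

# Unban: v4 deletes rules by id, so look the rule up by IP first,
# then delete it. A missing rule is reported and treated as success.
actionunban = id=$(curl -s -G <_cf_api_prms> "<_cf_api_url>" \
                --data-urlencode "mode=block" --data-urlencode "configuration.target=ip" --data-urlencode "configuration.value=<ip>" \
                | jq -r '.result[0].id // empty')
              if [ -z "$id" ]; then echo "<name>: no Cloudflare rule found for <ip>"; exit 0; fi
              curl -s -o /dev/null -X DELETE <_cf_api_prms> "<_cf_api_url>/$id"

# Shared pieces of the API call (helper parameters, names chosen here).
_cf_api_url = https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
_cf_api_prms = -H 'X-Auth-Email: <account>' -H 'X-Auth-Key: <token>' -H 'Content-Type: application/json'

[Init]

# Cloudflare login email, as in the answer's file
account = example@example.com

# Cloudflare API key, as in the answer's file
token = Your API key here
```

The jail's log source must record the real client IP (as the question's Nginx setup does), since `<ip>` is what gets sent to Cloudflare.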