如何在 Ubuntu 20.04 上使用 UFW 設置 fail2ban？

我正在嘗試使用以下配置fail2ban和.ufw``ufw.conf``/etc/fail2ban/action.d

監獄配置

[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw[application=$(app), blocktype=reject]

ufw 配置

actionstart =

actionstop =

actioncheck =

actionban = [ -n "<application>" ] && app="app <application>"
           ufw insert <insertpos> <blocktype> from <ip> to <destination> $app

actionunban = [ -n "<application>" ] && app="app <application>"
             ufw delete <blocktype> from <ip> to <destination> $app

[Init]
# Option: insertpos
# Notes.:  The position number in the firewall list to insert the block rule
insertpos = 1

# Option: blocktype
# Notes.: reject or deny
blocktype = reject

# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any

# Option: application
# Notes.: application from sudo ufw app list
application =

# DEV NOTES:
# 
# Author: Guilhem Lettron
# Enhancements: Daniel Black

目前，一切都已正確設置，因為我收到了有關禁止 IP 的 fail2ban 通知，但我在ufw status.

如何fail2ban正確ufw阻止 IP 地址？

謝謝

正如@sebres 在他的評論中指出的那樣，

2. 我猜指定application=$(app)作為操作參數不正確，您必須使用真實應用程序（由 ufw 知道）或將其刪除/將其設置為空值

解決方案是刪除這部分：

[application=$(app), blocktype=reject]

在banaction = ufw配置監獄之後。

現在ufw阻止所有不需要的 IP 地址。

這是踢球者：

[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw

我希望這將有所幫助。

🖖

引用自：https://serverfault.com/questions/1067723