Iptables
Fail2Ban - IP 表拒絕不禁止
我在 Ubuntu 16 上執行了 fail2ban,並執行了一些監獄。
一種是 http-get-dos:
在 jail.conf 中
[http-get-dos] enabled = true port = http,https filter = http-get-dos logpath = /var/log/apache2/access.log maxretry = 100 findtime = 60 #ban for 5 minutes bantime = 600 action = iptables[name=HTTP, port=http, protocol=tcp]
過濾文件:
# Fail2Ban configuration file [Definition] # Option: failregex # Note: This regex will match any GET entry in your logs, so basically all valid and not valid entries are a match. # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. failregex = ^<HOST> -.*"(GET|POST).* # Option: ignoreregex ignoreregex =
Fail2Ban 中的監獄似乎執行良好——我只是通過敲擊 URL 對其進行了測試,並且我的 IP 已添加到 IP 表中。
但是,我實際上並沒有被阻止 - IP 表 REJECT 似乎不起作用。
my.ip.address 出現在 Chain fail2ban-HTTP a REJECT 中的 IP 表中,但我沒有被拒絕(仍然可以訪問該站點)
iptables -nvL –line-numbers
Chain INPUT (policy ACCEPT 2689 packets, 413K bytes) num pkts bytes target prot opt in out source destination 1 68 5849 fail2ban-HTTP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 2 3104 575K fail2ban-apache-overflows tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 3 3104 575K fail2ban-apache tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 4 728 43824 fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 3325 packets, 4380K bytes) num pkts bytes target prot opt in out source destination Chain fail2ban-HTTP (1 references) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * my.ip.address 0.0.0.0/0 reject-with icmp-port-unreachable 2 68 5849 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fail2ban-apache (1 references) num pkts bytes target prot opt in out source destination 1 3104 575K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fail2ban-apache-overflows (1 references) num pkts bytes target prot opt in out source destination 1 3104 575K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fail2ban-ssh (1 references) num pkts bytes target prot opt in out source destination 1 728 43824 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
我想知道這是否是一個訂單問題 - 即全球 ACCEPT 勝過 IPTables 中的 fail2ban 規則。但如果這是問題所在,我不知道如何解決它,以及為什麼fail2ban 一開始就沒有把它放得足夠高。
任何建議,非常感謝。
您正在監視兩者
http
,https
但僅禁止http
使用iptables
操作。使用iptables-multiport
行動並禁止兩者http
和https
。action = iptables-multiport[name=HTTP, port="http,https", protocol=tcp]