fail2ban 应用禁令但不阻止连接

fail2ban 应用禁令但不阻止连接

sshd我在 CentOS 上启用了fail2ban 设置。它正在很好地读取日志。使用 SSH 进行一些测试,从远程服务器登录失败:

Nov 23 20:51:52 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:51:55 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:51:58 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:52:07 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.22
Nov 23 20:52:07 new fail2ban.actions[29090]: NOTICE [sshd] 199.180.250.xx already banned
Nov 23 20:52:10 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:52:13 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx

即使超过禁令,连接似乎也是被允许的。我查看了 iptables,它看起来是正确的:

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  199.180.250.xx       0.0.0.0/0           reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

连接不是持久的。远程服务器仍然可以打开与运行fail2ban 的该服务器的 SSH 会话。

我还缺少什么?

完整的 iptables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd-ddos  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:200xyz flags:0x17/0x02

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  199.180.250.xx       0.0.0.0/0           reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd-ddos (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

答案1

在配置中,port = ssh必须更改为自定义 SSH 端口。

我原以为 Linux 会知道 SSH 端口的定义,并且 failure2ban 会遵循该系统配置,但我错了。

相关内容