我有一个应用程序，似乎它受到了巨大的 ip 攻击。

• 日志档案：/root/kitty/nohup.out
• 工艺：小猫
• 端口：8888

[2021-08-31 10:02:20] [ALL] 168.138.142.22:50384 incoming connection
[2021-08-31 10:02:21] [ALL] 168.138.78.185:57728 incoming connection
[2021-08-31 10:02:21] [ALL] 168.138.78.185:57614 incoming connection
[2021-08-31 10:02:21] [ALL] 168.138.146.133:59078 incoming connection
[2021-08-31 10:02:22] [ALL] 140.238.152.56:32884 incoming connection
[2021-08-31 10:02:22] [ALL] 168.138.146.133:57606 tunnel established
[2021-08-31 10:02:22] [ALL] 168.138.146.133:57606 SSL session reused
[2021-08-31 10:02:22] [ALL] 140.238.152.56:32976 incoming connection
[2021-08-31 10:02:22] [ALL] 140.238.152.56:48210 incoming connection
[2021-08-31 10:02:22] [ALL] 168.138.78.185:52390 tunnel established

我想做的是：

1. tail 日志文件以获取过去 60 秒的日志。
2. 阻止超过请求限制的ip，例如2个请求/秒

如何通过fail2ban做到这一点？

更新

您能告诉我要配置哪个文件，然后运行哪个命令吗？

我修改了/etc/fail2ban/jail.conf，添加了内容

[DEFAULT]

maxretry = 5 
findtime = 300 
bantime = 3600
bantime.increment = true
bantime.factor = 2 

重新启动fail2ban服务，没有任何反应。

我创建了一个名为 的新过滤器/etc/fail2ban/filter.d/kitty.conf，其内容是：

[INCLUDES]
before = common.conf

[DEFAULT]
_daemon = kitty

也将此内容添加到/etc/fail2ban/jail.conf

[kitty]
enabled = true
maxretry = 1000
findtime = 100
bantime = 3600
bantime.increment = true
bantime.factor = 2
logpath = /root/kitty/nohup.out

然后重新启动fail2ban服务，现在我看到kitty在列表中，

# fail2ban-client status kitty
Status for the jail: kitty
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list:    /root/kitty/nohup.out
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:   

但仍然没有 IP 被阻止（我可以看到大量的恶意 IP 出来......）

您能告诉我要配置哪个文件，然后运行哪个命令吗？