我在让 fail2ban 执行我想要的操作时遇到了问题。我使用的操作禁止了 CLoudFlare 上的 IP,这意味着在 Cloudflare 端更新所有内容之前,仍会有很多请求通过(因此用户无法再访问该网站)。
在此之前,fail2ban 会一遍又一遍地尝试禁止该 IP,导致它向 cloudflare 发送数千个(如果发生 DDoS 攻击)请求,这会花费很长时间,因此在处理完之前的(已被禁止的)攻击者之前,不会禁止任何其他攻击者。
那么,有没有办法阻止 fail2ban 再次尝试禁止他们,而是忽略他们?
#!/bin/bash
# Make sure that the ip-blacklist file exists
# otherwise we go ahead and create it
if [ ! -e "/etc/fail2ban/ip.blacklist" ] ; then
touch "/etc/fail2ban/ip.blacklist"
fi
if [[ $1 = ban ]]; then
if ! grep -q "$2" /etc/fail2ban/ip.blacklist; then
# Store the IP as we need it later to check if the user is already banned
echo "$2" >> /etc/fail2ban/ip.blacklist
# Submit the ban request
fi
elif [[ $1 = unban ]]; then
# Remove the IP from the blacklist
perl -ni -e "print unless (/^$2$/);" /etc/fail2ban/ip.blacklist
#sed -i '/^$2$/d' /etc/fail2ban/ip.blacklist
# Submit the unban request
fi
答案1
考虑创建一个被禁 IP 列表,并在发出禁封请求时将 IP 添加到该列表中。如果 IP 在列表中,则在操作脚本中忽略禁封请求。您还需要更改解禁操作以从被禁 IP 列表中删除 IP。创建如下脚本:
#!/bin/bash
# Define ourbanfile
banFile=ip.blacklist
# Ensure we have a banFile will be created if missing
if [ ! -e ${banFile} ]; then
touch ${banFile}
fi
# Ban or unban as desired
if [[ $1 = ban ]]; then
if ! grep -q "$2" ${banFile}; then
# Store the IP as we need it later to check if the user is already banned
echo "$2" >> ${banFile}
# Submit the ban request
fi
elif [[ $1 = unban ]]; then
# Remove the IP from the blacklist
perl -ni -e "print unless (/^$2\$/);" ${banFile}
#sed -i '/^$2$/d' ${banFile}
# Submit the unban request
fi
# Cat banfile if running on terminal (testing)
tty -s && cat ${banFile}
# EOF
你的行动将是:
actionban = /path/to/script ban <IP>
actionunban = /path/to/script unban <IP>