For some reason, fail2ban blocks an IP twice

I have a file of blacklisted IPs, which is loaded into iptables when fail2ban starts.

Suppose the initial list at startup looks like this:

Chain fail2ban-ip-blacklist (1 references)
target     prot opt source               destination         
DROP       all  --  120.25.68.125        0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0                      

Chain fail2ban-wordress (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

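Why is it that, after startup, I get a notification in the log that 120.25.68.125 has been banned, and then when I check the iptables status again I see the following: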

Chain fail2ban-ip-blacklist (1 references)
target     prot opt source               destination         
DROP       all  --  120.25.68.125        0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0                      

Chain fail2ban-wordress (1 references)
target     prot opt source               destination         
REJECT     all  --  120.25.68.125        0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

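Isn't the IP 120.25.68.125 already blocked, so that it does not need to be re-added to the ban list? Why is traffic from 120.25.68.125, which is not allowed, coming through again?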

Update: full iptables output

Chain INPUT (policy ACCEPT 1393 packets, 164K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1401  164K fail2ban-wordpress  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1410  165K fail2ban-repeatoffender  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1207 packets, 1786K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain fail2ban-repeatoffender (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       120.25.68.125        0.0.0.0/0                   

Chain fail2ban-wordpress (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1401  164K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Answer 1

You need to swap the order of the fail2ban-wordpress and fail2ban-repeatoffender rules in the INPUT chain.
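
As an added illustration (not part of the original question or answer), this Python example parses a constructed copy of the question's listing and walks the INPUT chain in rule order, showing which fail2ban chain decides the fate of a packet from 120.25.68.125 in the posted order and in the swapped order the answer suggests. The function names and the zero counters on the REJECT line are assumptions.

```python
import ipaddress

# Constructed sample: the question's `iptables -L -n -v` listing, plus the REJECT
# rule that appeared in fail2ban-wordpress after the second ban (counters invented).
LISTING = """\
Chain INPUT (policy ACCEPT 1393 packets, 164K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1401  164K fail2ban-wordpress  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
 1410  165K fail2ban-repeatoffender  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fail2ban-repeatoffender (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       120.25.68.125        0.0.0.0/0

Chain fail2ban-wordpress (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       120.25.68.125        0.0.0.0/0
 1401  164K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

def parse(listing):
    """Return {chain: [(target, proto, source_network), ...]} from -L -n -v text."""
    chains, current = {}, None
    for line in listing.splitlines():
        cols = line.split()
        if line.startswith("Chain "):
            current = chains.setdefault(cols[1], [])
        elif len(cols) >= 9 and cols[0] != "pkts":
            current.append((cols[2], cols[3], ipaddress.ip_network(cols[7])))
    return chains

def trace(chains, src, proto="tcp", chain="INPUT", path=None):
    """Walk rules in order; return (verdict, [(chain, target), ...] consulted)."""
    path = [] if path is None else path
    for target, rule_proto, net in chains.get(chain, []):
        if rule_proto not in ("all", proto) or ipaddress.ip_address(src) not in net:
            continue
        path.append((chain, target))
        if target in ("DROP", "REJECT", "ACCEPT", "RETURN"):
            return (None if target == "RETURN" else target), path
        verdict, _ = trace(chains, src, proto, target, path)  # jump to user chain
        if verdict:
            return verdict, path
    return ("ACCEPT" if chain == "INPUT" else None), path  # listing: policy ACCEPT

def swapped(chains):
    """Copy of the rule set with the two INPUT jumps in reverse order."""
    return {**chains, "INPUT": list(reversed(chains["INPUT"]))}
```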
