我注意到暴力破解密码的人越来越老练,他们了解 IP 被封禁的速度,并放慢入侵速度,以免被 fail2ban 发现。我希望能够手动将 IP 添加到 Fail2Ban 的封禁列表中,这些 IP 将在特定时间段内解禁(但可能比通常的时间更长)。有没有一种手动命令行方式可以告诉 fail2ban 阻止某个 IP/范围,然后在一段时间后解禁?这是在 CentOS7 下
答案1
有一个 fail2ban 客户端:
# fail2ban-client set <JAIL> banip <IP>
# fail2ban-client set <JAIL> unbanip <IP>
例子:
# fail2ban-client set example banip 10.10.1.1
10.10.1.1
# fail2ban-client status example
Status for the jail: example
|- Filter
| |- Currently failed: 0
| |- Total failed: 10
| `- File list: /var/log/example.log
`- Actions
|- Currently banned: 1
|- Total banned: 2
`- Banned IP list: 10.10.1.1
# fail2ban-client set example unbanip 10.10.1.1
10.10.1.1
# fail2ban-client status example
Status for the jail: example
|- Filter
| |- Currently failed: 0
| |- Total failed: 10
| `- File list: /var/log/example.log
`- Actions
|- Currently banned: 0
|- Total banned: 2
`- Banned IP list: