使用 fail2ban 在特定时间段内手动阻止 IP

使用 fail2ban 在特定时间段内手动阻止 IP

我注意到暴力破解密码的人越来越老练,他们了解 IP 被封禁的速度,并放慢入侵速度,以免被 fail2ban 发现。我希望能够手动将 IP 添加到 Fail2Ban 的封禁列表中,这些 IP 将在特定时间段内解禁(但可能比通常的时间更长)。有没有一种手动命令行方式可以告诉 fail2ban 阻止某个 IP/范围,然后在一段时间后解禁?这是在 CentOS7 下

答案1

有一个 fail2ban 客户端:

# fail2ban-client set <JAIL> banip <IP>
# fail2ban-client set <JAIL> unbanip <IP>

例子:

# fail2ban-client set example banip 10.10.1.1
10.10.1.1

# fail2ban-client status example
Status for the jail: example
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 10
|  `- File list:    /var/log/example.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list:   10.10.1.1

# fail2ban-client set example unbanip 10.10.1.1
10.10.1.1

# fail2ban-client status example
Status for the jail: example
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 10
|  `- File list:    /var/log/example.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 2
   `- Banned IP list:

相关内容