Fail2ban is not actually banning, but it says it has


I have read several other posts that mention the same problem. Here is the log from fail2ban:

2018-09-26 22:16:52,286 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:52
2018-09-26 22:16:52,733 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:52
2018-09-26 22:16:52,927 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned
2018-09-26 22:16:53,118 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,431 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,529 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned
2018-09-26 22:16:53,605 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,768 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,823 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:54,131 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned
2018-09-26 22:16:54,225 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:54
2018-09-26 22:16:54,381 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:54
2018-09-26 22:16:54,933 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned

If I look at iptables -L, I see this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-core_404  tcp  --  anywhere             anywhere             multiport dports http,https
f2b-core   tcp  --  anywhere             anywhere             multiport dports http,https

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-core (1 references)
target     prot opt source               destination         
REJECT     all  --  172.16.38.1          anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere            

Chain f2b-core_404 (1 references)
target     prot opt source               destination         
REJECT     all  --  172.16.38.1          anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere    

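But the IP address is still not banned. What does "already banned" even mean if it has not actually been banned? This is really confusing and frustrating.

My jail.conf file looks like this: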

[core]
enabled = true
filter  = core
port    = http,https
logpath = /home/user/Documents/rails/portal/log/devise.log
bantime = 3600
findtime = 600
maxretry = 2

[core_404]
enabled = true
filter  = core_404
port    = http,https
logpath = /home/user/Documents/rails/portal/log/404.log
bantime = 3600
findtime = 600
maxretry = 2

What am I missing here?

Edit

There is another case. Same thing: it shows as already banned. But if I go to iptables, it is empty:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-core_404 (0 references)
target     prot opt source               destination     

Edit

Another thing I just tried: ufw status is "inactive", and this is my iptables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  <my_ip>      anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

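The IP address is still not blocked. It seems impossible to block an IP on this DigitalOcean VPS.

Answer 1

You need at least 3 failed logins from the same IP before fail2ban will ban that IP.

Answer 2

So, as it turns out, iptables and Cloudflare (and other proxy servers) simply do not work together. iptables can only see the connecting IP, not the X-Forwarded-For IP.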
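
The mismatch described in Answer 2, as an added example that is not part of the original question or answers: it compares the address an application logs (taken from X-Forwarded-For) with the address a netfilter source rule actually matches (the TCP peer). The proxy range, the sample requests and all function names are constructed for illustration.

```python
import ipaddress

# Assumption: the reverse proxy connects from this range (documentation prefix,
# constructed for the example; substitute your proxy's published ranges).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]

def is_trusted_proxy(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Address the application should log: trust X-Forwarded-For only when
    the TCP peer is a known proxy, and walk the header right to left."""
    if not xff or not is_trusted_proxy(peer):
        return peer  # direct connection, or header from an untrusted sender
    for hop in reversed(xff.split(",")):
        hop = hop.strip()
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: fall back to the peer
        if not is_trusted_proxy(hop):
            return hop
    return peer

def source_rule_matches(banned_ip, peer):
    """An iptables source match compares against the packet's source address,
    which is the TCP peer; it never sees HTTP headers."""
    return ipaddress.ip_address(banned_ip) == ipaddress.ip_address(peer)

def audit(requests):
    """For each (peer, xff) pair, return (logged_ip, peer, ban_would_block)."""
    out = []
    for peer, xff in requests:
        logged = client_ip(peer, xff)
        out.append((logged, peer, source_rule_matches(logged, peer)))
    return out

# Constructed sample requests: (TCP peer, X-Forwarded-For header or None)
SAMPLE = [
    ("203.0.113.10", "198.51.100.7"),   # client behind the proxy
    ("192.0.2.50", None),               # client connecting directly
    ("192.0.2.50", "198.51.100.7"),     # direct client sending a forged header
]
```

In the first sample row the ban is entered for an address that never appears as a packet source, so the rule exists but matches nothing; in that setup the block has to be enforced where the client address is visible, at the proxy or in the web server.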
