Fail2ban 实际上并没有禁止，但它说自己禁止了

我读过其他几篇文章，它们也提到了同样的问题。以下是来自 fail2ban 的日志：

2018-09-26 22:16:52,286 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:52
2018-09-26 22:16:52,733 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:52
2018-09-26 22:16:52,927 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned
2018-09-26 22:16:53,118 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,431 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,529 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned
2018-09-26 22:16:53,605 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,768 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,823 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:54,131 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned
2018-09-26 22:16:54,225 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:54
2018-09-26 22:16:54,381 fail2ban.filter         [24743]: INFO    [core_404] Found 172.16.38.1 - 2018-09-26 22:16:54
2018-09-26 22:16:54,933 fail2ban.actions        [24743]: NOTICE  [core_404] 172.16.38.1 already banned

如果我看一下iptables -L，我会看到这个：

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-core_404  tcp  --  anywhere             anywhere             multiport dports http,https
f2b-core   tcp  --  anywhere             anywhere             multiport dports http,https

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-core (1 references)
target     prot opt source               destination         
REJECT     all  --  172.16.38.1          anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere            

Chain f2b-core_404 (1 references)
target     prot opt source               destination         
REJECT     all  --  172.16.38.1          anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere    

但仍然没有禁止该 IP 地址。already banned如果实际上尚未被禁止，这到底意味着什么？这真是令人困惑和沮丧。

jail.conf我的文件如下所示：

[core]
enabled = true
filter  = core
port    = http,https
logpath = /home/user/Documents/rails/portal/log/devise.log
bantime = 3600
findtime = 600
maxretry = 2

[core_404]
enabled = true
filter  = core_404
port    = http,https
logpath = /home/user/Documents/rails/portal/log/404.log
bantime = 3600
findtime = 600
maxretry = 2

我在这里遗漏了什么？

编辑

还有另一种情况。同样的事情，显示已被禁止。但如果我去 iptables，它是空的：

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-core_404 (0 references)
target     prot opt source               destination     

编辑

我刚刚尝试的另一件事——ufw状态为“不活动”，这是我的 iptables：

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  <my_ip>      anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

仍未阻止该 IP 地址。看来无法阻止此 DigitalOcean VPS 上的 IP