我读过其他几篇文章,它们也提到了同样的问题。以下是来自 fail2ban 的日志:
2018-09-26 22:16:52,286 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:52
2018-09-26 22:16:52,733 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:52
2018-09-26 22:16:52,927 fail2ban.actions [24743]: NOTICE [core_404] 172.16.38.1 already banned
2018-09-26 22:16:53,118 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,431 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,529 fail2ban.actions [24743]: NOTICE [core_404] 172.16.38.1 already banned
2018-09-26 22:16:53,605 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,768 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:53,823 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:53
2018-09-26 22:16:54,131 fail2ban.actions [24743]: NOTICE [core_404] 172.16.38.1 already banned
2018-09-26 22:16:54,225 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:54
2018-09-26 22:16:54,381 fail2ban.filter [24743]: INFO [core_404] Found 172.16.38.1 - 2018-09-26 22:16:54
2018-09-26 22:16:54,933 fail2ban.actions [24743]: NOTICE [core_404] 172.16.38.1 already banned
如果我看一下iptables -L
,我会看到这个:
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-core_404 tcp -- anywhere anywhere multiport dports http,https
f2b-core tcp -- anywhere anywhere multiport dports http,https
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-core (1 references)
target prot opt source destination
REJECT all -- 172.16.38.1 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Chain f2b-core_404 (1 references)
target prot opt source destination
REJECT all -- 172.16.38.1 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
但仍然没有禁止该 IP 地址。already banned
如果实际上尚未被禁止,这到底意味着什么?这真是令人困惑和沮丧。
jail.conf
我的文件如下所示:
[core]
enabled = true
filter = core
port = http,https
logpath = /home/user/Documents/rails/portal/log/devise.log
bantime = 3600
findtime = 600
maxretry = 2
[core_404]
enabled = true
filter = core_404
port = http,https
logpath = /home/user/Documents/rails/portal/log/404.log
bantime = 3600
findtime = 600
maxretry = 2
我在这里遗漏了什么?
编辑
还有另一种情况。同样的事情,显示已被禁止。但如果我去 iptables,它是空的:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-core_404 (0 references)
target prot opt source destination
编辑
我刚刚尝试的另一件事——ufw
状态为“不活动”,这是我的 iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- <my_ip> anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
仍未阻止该 IP 地址。看来无法阻止此 DigitalOcean VPS 上的 IP
答案1
您需要从同一 IP 至少有 3 次登录失败,fail2ban 才能禁止该 IP。
答案2
因此,事实证明 iptables 和 Cloudflare(以及其他代理服务器)根本不起作用。iptables 只能看到连接 IP,而看不到 X-Forwarded-For IP