我的设置如下:
fail2ban
使用一些监狱(运行良好)FirewallD
来阻止捕获的 IP。
这是我的默认防火墙:
myzone
target: default
icmp-block-inversion: no
interfaces:
sources:
services: rcsa dhcpv6-client http https
ports: 80/tcp 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="79.48.51.171" port port="3306" protocol="tcp" accept
rule family="ipv4" source address="155.121.53.253" port port="22" protocol="tcp" accept
rule family="ipv4" source address="79.48.51.171" port port="22" protocol="tcp" accept
因此端口 80 和 443/tcp 是打开的。
然后,我触发一些 fail2ban 规则(使用在线代理),并在防火墙中得到以下信息:
myzone
target: default
icmp-block-inversion: no
interfaces:
sources:
services: rcsa dhcpv6-client http https
ports: 80/tcp 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="79.48.51.171" port port="3306" protocol="tcp" accept
rule family="ipv4" source address="155.121.53.253" port port="22" protocol="tcp" accept
rule family="ipv4" source address="79.48.51.171" port port="22" protocol="tcp" accept
rule family="ipv4" source address="37.58.58.206" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="37.58.58.206" port port="https" protocol="tcp" reject type="icmp-port-unreachable"
因此,添加了 2 条新规则。很好。不过,该 IP 是没有被拒绝并且不顾 FirewallD 中的这些规则,继续淹没我的服务器。
这有什么问题吗?我正在从 UFW 切换到 FirewallD。
答案1
Debian/Ubuntu 没有对firewalld 的默认禁令,因为这不是这些发行版的默认防火墙。
您应该设置banaction = firewallcmd-ipset
,以创建一个 ipset,fail2ban 会将禁止的地址插入其中,然后从防火墙调用它。Red Hat 系统已经包含此配置位,因为它们默认使用防火墙。因此,您只需创建它们包含的相同文件即可,网址为/etc/fail2ban/jail.d/00-firewalld.conf
[DEFAULT]
banaction = firewallcmd-ipset