我正在尝试排除 Fail2ban 识别我们的 http-get-dos 触发器但实际上并未禁止有问题的主机的故障。我可以看到它在 iptables 规则中添加了条目,但它们没有任何影响。
因此我尝试手动禁止一个主机,但也无法让它工作。
我正在尝试删除来自特定主机的所有流量。我插入了一条 DROP 规则,并附加了一条 DROP 规则,因此它们会将所有内容都封顶。我已将尝试禁止的主机的 IP 地址划掉。此主机仍可连接到我的 Web 服务器并获取网页。
我肯定漏掉了一些愚蠢的东西。以下是 iptables -nvL 输出:
sudo iptables -nvL
Chain INPUT (policy ACCEPT 6226 packets, 31M bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * XX.XX.XX.XX 0.0.0.0/0
85222 7764K fail2ban-xmlrpc tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
85222 7764K fail2ban-HTTP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
85222 7764K fail2ban-HTTP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
137K 16M fail2ban-BadBots tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
82 7136 fail2ban-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587,143,220,993,110,995
82 7136 fail2ban-postfix tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
137K 16M fail2ban-apache-overflows tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
137K 16M fail2ban-apache-noscript tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
16620 1181K fail2ban-ssh-ddos tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
16621 1181K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
0 0 DROP all -- * * XX.XX.XX.XX 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 6649 packets, 5149K bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-BadBots (1 references)
pkts bytes target prot opt in out source destination
137K 16M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-HTTP (2 references)
pkts bytes target prot opt in out source destination
170K 16M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-apache-noscript (1 references)
pkts bytes target prot opt in out source destination
137K 16M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-apache-overflows (1 references)
pkts bytes target prot opt in out source destination
137K 16M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-postfix (1 references)
pkts bytes target prot opt in out source destination
82 7136 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-sasl (1 references)
pkts bytes target prot opt in out source destination
82 7136 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh (1 references)
pkts bytes target prot opt in out source destination
16621 1181K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh-ddos (1 references)
pkts bytes target prot opt in out source destination
16620 1181K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-xmlrpc (1 references)
pkts bytes target prot opt in out source destination
以下是 iptables -S 的输出:
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-BadBots
-N fail2ban-HTTP
-N fail2ban-apache-noscript
-N fail2ban-apache-overflows
-N fail2ban-postfix
-N fail2ban-sasl
-N fail2ban-ssh
-N fail2ban-ssh-ddos
-N fail2ban-xmlrpc
-A INPUT -s XX.XX.XX.XX/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-xmlrpc
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-HTTP
-A INPUT -p tcp -m tcp --dport 80 -j fail2ban-HTTP
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
-A INPUT -p tcp -m multiport --dports 25,465,587,143,220,993,110,995 -j fail2ban-sasl
-A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-overflows
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-noscript
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh-ddos
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -s XX.XX.XX.XX/32 -j DROP
-A fail2ban-BadBots -j RETURN
-A fail2ban-HTTP -j RETURN
-A fail2ban-HTTP -j RETURN
-A fail2ban-apache-noscript -j RETURN
-A fail2ban-apache-overflows -j RETURN
-A fail2ban-postfix -j RETURN
-A fail2ban-sasl -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh-ddos -j RETURN
-A fail2ban-xmlrpc -j RETURN