How do I set up fail2ban with UFW on Ubuntu 20.04?


I am trying to block IP addresses with fail2ban using the following ufw configuration and the default ufw.conf in /etc/fail2ban/action.d.

Jail configuration

[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw[application=$(app), blocktype=reject]

ufw configuration

actionstart =

actionstop =

actioncheck =

actionban = [ -n "<application>" ] && app="app <application>"
            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app

actionunban = [ -n "<application>" ] && app="app <application>"
              ufw delete <blocktype> from <ip> to <destination> $app

[Init]
# Option: insertpos
# Notes.:  The position number in the firewall list to insert the block rule
insertpos = 1

# Option: blocktype
# Notes.: reject or deny
blocktype = reject

# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any

# Option: application
# Notes.: application from sudo ufw app list
application =

# DEV NOTES:
# 
# Author: Guilhem Lettron
# Enhancements: Daniel Black

Right now everything appears to be set up correctly, because I receive fail2ban notifications about banned IPs, but I do not see any banned IP addresses in ufw status.

How do I get fail2ban to block IP addresses with ufw properly?

Thanks

Answer 1

As @sebres pointed out in his comment,

  1. I guess specifying application=$(app) as an action parameter is not correct; you have to use an actual application (known to ufw) or remove it / set it to an empty value

The solution is to remove this part:

[application=$(app), blocktype=reject]

after banaction = ufw in the jail configuration.

Now ufw blocks all unwanted IP addresses.

The key part is:

[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw

I hope this helps.
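An added check script, not from the question or either answer: it parses `ufw status` output to confirm that a banned IP really landed as a REJECT or DENY rule, and flags a banaction line that still carries the `$(app)` shell substitution discussed above. The `ufw status` sample is constructed; the function names are my own.

```shell
#!/bin/sh
# Added verification helpers (not part of the question or the answers).
# Assumptions: `ufw status` output in the layout shown below; the jail
# file uses a single `banaction = ...` line.

# Constructed sample of `ufw status` output after fail2ban has banned
# 203.0.113.7 through the ufw action (blocktype=reject, destination=any).
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
Anywhere                   REJECT      203.0.113.7
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       10.0.0.0/8'

# ufw_ban_present STATUS_TEXT IP
# Succeeds when STATUS_TEXT holds a REJECT or DENY rule whose From column
# is exactly IP (the rule fail2ban's actionban inserts). The Action column
# is located by value, so application names containing spaces do not shift it.
ufw_ban_present() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "REJECT" || $i == "DENY") {
                    j = i + 1
                    if ($j == "IN" || $j == "OUT") j++   # "ufw status verbose" layout
                    if ($j == ip) found = 1
                }
            }
        }
        END { exit found ? 0 : 1 }'
}

# banaction_is_sane LINE
# Fails when a banaction line tries shell substitution such as $(app):
# fail2ban only expands <tag> style parameters, so $(...) reaches the shell
# verbatim and the intended application name never arrives at ufw.
banaction_is_sane() {
    case $1 in
        *'$('*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Live use on a host: ufw_ban_present "$(sudo ufw status)" 203.0.113.7 && echo banned
```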

Answer 2

I ran into the same problem. Your code actually worked for me when I added

banaction = ufw[application=$(app), blocktype=reject]

so my final jail.local looks like this:

...
[apache-auth]
enabled  = true
port = http, https
logpath  = /var/log/apache2/error.log
banaction   = ufw[application=$(app), blocktype=reject]
bantime = 100h
maxretry = 2
ignoreip = 192.168.0.101
ignoreself = true
...
