我正在尝试使用fail2ban以下ufw配置和默认配置ufw.conf来阻止 IP 地址/etc/fail2ban/action.d。
监狱配置
[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw[application=$(app), blocktype=reject]
ufw 配置
actionstart =
actionstop =
actioncheck =
actionban = [ -n "<application>" ] && app="app <application>"
ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
actionunban = [ -n "<application>" ] && app="app <application>"
ufw delete <blocktype> from <ip> to <destination> $app
[Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1
# Option: blocktype
# Notes.: reject or deny
blocktype = reject
# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any
# Option: application
# Notes.: application from sudo ufw app list
application =
# DEV NOTES:
#
# Author: Guilhem Lettron
# Enhancements: Daniel Black
目前,一切都设置正确,因为我收到了有关禁止 IP 的 fail2ban 通知,但我没有看到任何禁止 IP 地址ufw status。
我该如何正确fail2ban地ufw阻止 IP 地址?
谢谢
答案1
正如@sebres 在他的评论中指出的那样,
- 我猜将其指定
application=$(app)为操作参数是不正确的,您必须使用实际应用程序(ufw 已知)或将其删除/设置为空值
解决方案是删除此部分:
[application=$(app), blocktype=reject]
banaction = ufw在配置监狱之后。
现在ufw阻止所有不受欢迎的 IP 地址。
关键是:
[app-custom]
enabled = true
maxretry = 1
journalmatch =
backend = polling
logpath = %(log_path)s
findtime = 120
bantime = -1
banaction = ufw
我希望这个能帮上忙。
答案2
我也遇到了同样的问题。您的代码实际上对我有用,添加
banaction = ufw[application=$(app), blocktype=reject]
所以我的最终 jail.local 是这样的
...
[apache-auth]
enabled = true
port = http, https
logpath = /var/log/apache2/error.log
banaction = ufw[application=$(app), blocktype=reject]
bantime = 100h
maxretry = 2
ignoreip = 192.168.0.101
ignoreself = true
...