Howto ban IP with Fail2Ban manually by command line?

后端 未结 3 1615
死守一世寂寞
死守一世寂寞 2021-02-01 16:01

How do I ban an attacker IP with Fail2Ban manually by command line?

相关标签:
3条回答
  • 2021-02-01 16:26

    You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:

    ufw insert 1 deny from <ip> to any
    

    But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The importan part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:

    [Definition]
    actionstart =
    actionstop =
    actioncheck =
    actionban = ufw insert 1 deny from <ip> to any
    actionunban = ufw delete deny from <ip> to any
    

    This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.

    0 讨论(0)
  • 2021-02-01 16:34

    Ban IP manually

    
    fail2ban-client set jail_name banip xx.xx.xx.xx
    
    
    
    0 讨论(0)
  • 2021-02-01 16:49

    fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ

    Check the jail where to add the IP using fail2ban-client status

    Both commands may require to be executed as sudoer. In this case add a sudo before them.

    0 讨论(0)
提交回复
热议问题