Question
How do I ban an attacker IP with Fail2Ban manually by command line?
Answer 1:
You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:
ufw insert 1 deny from <ip> to any
But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The important part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any
This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.
Answer 2:
sudo fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ
Check the jail where to add the IP using sudo fail2ban-client status
Answer 3:
sudo fail2ban-client -vvv 'set' 'jail' 'banip' 'ip'
Definitely works as the manual solution. Just log in via ssh and execute.
Only thing is I keep getting "beatify" messages?
Also not sure if this will ban an IP range e.g. enter '185.130.5' to ban all ranges from '185.130.5.0' to 255?
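The command from Answers 2 and 3 wrapped in a guarded helper, as an added example that is not part of the original answers: it accepts only a complete IPv4 address, checks that the jail exists, bans, then confirms the address shows up in the jail's banned list. The names ban_ip and is_ipv4 and the F2B variable are assumptions of this example; set F2B="sudo fail2ban-client" when not running as root.

```shell
#!/bin/sh
# Added example: guarded manual ban through fail2ban-client.
# F2B is this example's own knob (assumption): prefix sudo or point it at a stub.
F2B="${F2B:-fail2ban-client}"

# Return 0 only for a complete dotted-quad IPv4 address (four octets, 0-255).
# A partial prefix such as 185.130.5 is rejected by this helper.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ban one address in one jail, then confirm it is listed as banned.
# Return codes: 2 = bad address, 3 = unknown jail, 4 = ban not confirmed.
ban_ip() {
    jail=$1
    ip=$2
    is_ipv4 "$ip" || { echo "not a full IPv4 address: $ip" >&2; return 2; }
    # 'status JAIL' exits non-zero when the jail does not exist.
    $F2B status "$jail" >/dev/null 2>&1 || { echo "no such jail: $jail" >&2; return 3; }
    $F2B set "$jail" banip "$ip" >/dev/null || return 4
    # Verify: the address must appear as a whole token on the "Banned IP list" line.
    $F2B status "$jail" | grep 'Banned IP list' | tr -s ' \t' '\n' \
        | grep -qxF "$ip" || return 4
    echo "banned $ip in $jail"
}

# Usage when run as a script: ./ban.sh sshd 192.0.2.10
if [ "$#" -eq 2 ]; then
    ban_ip "$1" "$2"
fi
```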
Source: https://stackoverflow.com/questions/29018312/howto-ban-ip-with-fail2ban-manually-by-command-line