If you look at the output of iptables-save, you will see the fail2ban chains. They are set up so that packets are evaluated against the rules defined by the filters; for example:
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN
The traffic still reaches the server before the other routing rules are applied and the traffic is rejected. fail2ban keeps seeing this initial traffic, which is why you see the "already banned" messages. There is also a special filter for repeat offenders (/etc/fail2ban/filter.d/recidive.conf):
# Fail2Ban filter for repeat bans
#
# This filter monitors the fail2ban log file, and enables you to add long
# time bans for ip addresses that get banned by fail2ban multiple times.
#
# Reasons to use this: block very persistent attackers for a longer time,
# stop receiving email notifications about the same attacker over and
# over again.
#
# This jail is only useful if you set the 'findtime' and 'bantime' parameters
# in jail.conf to a higher value than the other jails. Also, this jail has its
# drawbacks, namely in that it works only with iptables, or if you use a
# different blocking mechanism for this jail versus others (e.g. hostsdeny
# for most jails, and shorewall for this one).
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = fail2ban\.server\.actions
# The name of the jail that this filter is used for. In jail.conf, name the
# jail using this filter 'recidive', or change this line!
_jailname = recidive
failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)WARNING\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
[Init]
journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=4
# Author: Tom Hendrikx, modifications by Amir Caspi
iptables -L -nv
Could you add the output to your question?
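The following is an added example, not part of the answer above and not fail2ban's own code. It shows what the recidive filter's failregex does once fail2ban's variables are expanded: only "Ban" lines from jails other than recidive itself count (the negative lookahead stops the jail from re-banning its own bans), and a host is flagged when it accumulates maxretry bans inside findtime. The regex below is a hand-expanded, simplified version of the one in recidive.conf (assumptions: the date prefix that fail2ban normally strips is matched explicitly, and the jail name is captured with [^\]]+ rather than .*), and the log lines are constructed samples in the "<date> <daemon>[pid]: WARNING [jail] Ban <ip>" layout, not real log output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample fail2ban log lines (not real data). Note the Unban line
# and the [recidive] line: neither should count as a repeat-offender hit.
SAMPLE_LOG = """\
2024-01-10 10:00:01,000 fail2ban.server.actions[1234]: WARNING [ssh] Ban 192.0.2.10
2024-01-10 10:05:00,000 fail2ban.server.actions[1234]: WARNING [ssh] Unban 192.0.2.10
2024-01-10 10:20:15,000 fail2ban.server.actions[1234]: WARNING [ssh] Ban 192.0.2.10
2024-01-10 10:31:00,000 fail2ban.server.actions[1234]: WARNING [apache-auth] Ban 198.51.100.7
2024-01-10 10:40:00,000 fail2ban.server.actions[1234]: WARNING [ssh] Ban 192.0.2.10
2024-01-10 10:45:00,000 fail2ban.server.actions[1234]: WARNING [recidive] Ban 192.0.2.10
2024-01-10 11:00:00,000 fail2ban.server.actions[1234]: WARNING [ssh] Ban 203.0.113.5
"""

# Simplified, hand-expanded form of the recidive failregex (an assumption, not
# fail2ban's exact expansion of __prefix_line/__pid_re):
#   - timestamp + daemon name + optional [pid]
#   - WARNING [<jail>] Ban <HOST>
#   - (?!recidive\]) excludes bans issued by the recidive jail itself
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.server\.actions(?:\[\d+\])?:\s+"
    r"WARNING\s+\[(?!recidive\])(?P<jail>[^\]]+)\]\s+Ban\s+(?P<host>\S+)\s*$"
)


def parse_bans(log_text):
    """Return a list of (timestamp, jail, host) for every matching Ban line."""
    bans = []
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        bans.append((ts, m.group("jail"), m.group("host")))
    return bans


def find_recidivists(log_text, findtime=timedelta(hours=1), maxretry=3):
    """Mimic the recidive jail's counting: a host is flagged the first time it
    has at least `maxretry` bans within a sliding window of `findtime`.
    Returns {host: timestamp of the ban that triggered the flag}."""
    history = defaultdict(list)
    flagged = {}
    for ts, _jail, host in parse_bans(log_text):
        if host in flagged:
            continue  # already escalated; a real jail would have it banned
        # keep only bans that are still inside the findtime window
        window = [t for t in history[host] if ts - t <= findtime]
        window.append(ts)
        history[host] = window
        if len(window) >= maxretry:
            flagged[host] = ts
    return flagged


if __name__ == "__main__":
    for ts, jail, host in parse_bans(SAMPLE_LOG):
        print(f"{ts}  jail={jail:<12} ban {host}")
    print("repeat offenders (findtime=1h, maxretry=3):",
          find_recidivists(SAMPLE_LOG))
```

Run against the constructed log, 192.0.2.10 is flagged on its third ssh ban at 10:40:00, while the [recidive] Ban line at 10:45:00 is ignored by the lookahead. Shrinking findtime to 30 minutes drops the first ban out of the window and nothing is flagged, which is the practical reason the filter's header says the recidive jail's findtime and bantime must be set higher than those of the other jails.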