Problem description
How do I ban an attacker IP with Fail2Ban manually by command line?
Recommended answer
You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:
ufw insert 1 deny from <ip> to any
But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The important part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any
This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.
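An added example, not part of the original answer and not Fail2Ban's or ufw's own code: a small POSIX shell wrapper that validates the address and checks an allowlist before producing the same `ufw insert 1 deny` / `ufw delete deny` commands used above. The function names, `ALLOWLIST`, `DRY_RUN` and the sample addresses are assumptions of this example, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: validate an address before building the ufw rules from the answer.
# ALLOWLIST and DRY_RUN are assumptions of this example, not ufw or Fail2Ban settings.
ALLOWLIST="${ALLOWLIST:-127.0.0.1 192.0.2.10}"  # constructed: addresses never to ban
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print only, 0 = run (needs root)

# Succeed only for a dotted quad: four octets, 0..255, no leading zeros.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    _rest="$1."; _count=0
    while [ -n "$_rest" ]; do
        _octet=${_rest%%.*}; _rest=${_rest#*.}
        case "$_octet" in ''|????*|0?*) return 1 ;; esac
        [ "$_octet" -le 255 ] || return 1
        _count=$((_count + 1))
    done
    [ "$_count" -eq 4 ]
}

# Print the ufw command for "ban" or "unban"; exit codes 2/3/64 mark refusals.
ufw_rule() {
    is_ipv4 "$2" || { echo "refusing: '$2' is not an IPv4 address" >&2; return 2; }
    case "$1" in
        ban)
            for _safe in $ALLOWLIST; do
                if [ "$_safe" = "$2" ]; then
                    echo "refusing: $2 is allowlisted" >&2; return 3
                fi
            done
            # "insert 1" puts the deny ahead of existing allow rules (first match wins).
            echo "ufw insert 1 deny from $2 to any" ;;
        unban) echo "ufw delete deny from $2 to any" ;;
        *) echo "usage: ufw_rule ban|unban <ip>" >&2; return 64 ;;
    esac
}

# Print the command in dry-run mode, or execute it when DRY_RUN=0.
apply_rule() {
    _cmd=$(ufw_rule "$1" "$2") || return $?
    if [ "$DRY_RUN" = 0 ]; then $_cmd; else echo "dry-run: $_cmd"; fi
}

apply_rule ban 203.0.113.45   # constructed documentation address
```

Putting your own management address in the allowlist keeps a typo from locking you out of the host you are administering.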