Setting the ban duration to -1 is said to make the ban permanent.
bantime = -1
[Link: http://serverfault.com/questions/415040/permanent-block-of-ip-after-n-retries-using-fail2ban]
But when I change the fail2ban config and restart it, the bans get released?!
Isn't there some way to keep them...
How to block an entire range like 192.168.0.xxx
$ vi /etc/fail2ban/jail.conf
banaction = iptables-multiport

$ vi /etc/fail2ban/action.d/iptables-multiport.conf
actionban = iptables -I fail2ban-<name> 1 -s <ip>/24 -j <blocktype>
actionunban = iptables -D fail2ban-<name> -s <ip>/24 -j <blocktype>
$ man iptables
[!] -s, --source address[/mask][,...]
    Source specification. Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP address. Hostnames will be resolved once only, before the rule is submitted to the kernel. Please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea. The mask can be either an ipv4 network mask (for iptables) or a plain number, specifying the number of 1's at the left side of the network mask. Thus, an iptables mask of 24 is equivalent to 255.255.255.0. A "!" argument before the address specification inverts the sense of the address. The flag --src is an alias for this option. Multiple addresses can be specified, but this will expand to multiple rules (when adding with -A), or will cause multiple rules to be deleted (with -D).
[Link: https://www.righter.ch/index.php/2014/12/10/block-a-whole-ip-range-with-fail2ban/]
Blacklist file
[Link: http://looke.ch/wp/list-based-permanent-bans-with-fail2ban]
Manual ban
$ fail2ban-client
    set <JAIL> banip <IP>      manually Ban <IP> for <JAIL>
    set <JAIL> unbanip <IP>    manually Unban <IP> in <JAIL>
Banning a single IP
$ sudo fail2ban-client set ssh banip 221.194.44.252
Banning a range
$ sudo fail2ban-client set ssh banip 221.194.44.252/24
$ sudo iptables -L
Chain fail2ban-ssh (1 references)
target     prot opt source               destination
REJECT     all  --  221.194.44.0/24      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  221.194.44.252       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
[Link: https://www.howtoforge.com/community/threads/how-to-manually-unban-ip-blocked-by-fail2ban.51366/]
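The two things above that go together in practice are the blacklist file (bans that should survive a restart) and the manual banip commands, and the `iptables -L` listing shows the catch: a range banned as 221.194.44.252/24 shows up in the chain as the network address 221.194.44.0/24, so a naive "is it already banned?" string comparison misses it. The POSIX sh script below is an added example, not code from the original post or from fail2ban. It reads a blacklist of IPs/CIDRs, normalizes /24 entries the way iptables displays them, compares against a chain listing, and prints the fail2ban-client commands needed to re-apply only the missing bans. The blacklist and the `iptables -L` text are constructed samples embedded inline (the listing copies the post's chain output); the jail name `ssh`, the chain name `fail2ban-ssh` and the `APPLY` switch are assumptions, and by default nothing is executed.

```shell
#!/bin/sh
# Re-apply blacklist bans after a fail2ban restart (added example, not from the post).
# Assumptions: jail "ssh" -> chain "fail2ban-ssh"; commands are only printed unless APPLY=1.

JAIL="${JAIL:-ssh}"
CHAIN="fail2ban-$JAIL"

# Constructed blacklist: one IP or CIDR per line, '#' starts a comment.
BLACKLIST='# constructed sample blacklist
221.194.44.252
221.194.44.252/24
198.51.100.9
203.0.113.0/24
'

# Constructed "iptables -L" output, copied from the chain listing shown in the post.
IPTABLES_OUT='Chain fail2ban-ssh (1 references)
target     prot opt source               destination
REJECT     all  --  221.194.44.0/24      anywhere             reject-with icmp-port-unreachable
REJECT     all  --  221.194.44.252       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
'

# normalize ENTRY -> the form iptables lists it in: a.b.c.d/24 becomes a.b.c.0/24.
# Only /24 is handled, matching the post's actionban; other masks pass through untouched.
normalize() {
    case "$1" in
        */24) printf '%s\n' "$1" | awk -F'[./]' '{ printf "%s.%s.%s.0/24\n", $1, $2, $3 }' ;;
        *)    printf '%s\n' "$1" ;;
    esac
}

# banned_sources "<iptables -L text>" CHAIN -> source column of the REJECT rules in CHAIN
banned_sources() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 == "REJECT" { print $4 }'
}

# is_banned SRC "<iptables -L text>" -> success if SRC is already present in the chain
is_banned() {
    banned_sources "$2" "$CHAIN" | grep -qxF "$1"
}

# pending_bans "<blacklist>" "<iptables -L text>" -> blacklist entries not yet in the chain
pending_bans() {
    printf '%s\n' "$1" | sed 's/#.*//; /^[[:space:]]*$/d' | while read -r entry; do
        is_banned "$(normalize "$entry")" "$2" || printf '%s\n' "$entry"
    done
}

# reban_commands "<blacklist>" "<iptables -L text>" -> one fail2ban-client command per missing ban
reban_commands() {
    pending_bans "$1" "$2" | while read -r entry; do
        printf 'fail2ban-client set %s banip %s\n' "$JAIL" "$entry"
    done
}

main() {
    reban_commands "$BLACKLIST" "$IPTABLES_OUT" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            printf 'dry-run: %s\n' "$cmd"
        fi
    done
}

main
```

Run as-is it prints two dry-run lines (198.51.100.9 and 203.0.113.0/24 are missing; the two 221.194.44.* entries are recognized as already present). To use it against a live box, replace the two constructed strings with `cat /etc/fail2ban/ip.blacklist` and `iptables -L "$CHAIN" -n` and run with `APPLY=1`. Two things worth keeping in mind: actionunban must use the same `<ip>/24` as actionban, as in the post's config, or the rule inserted at ban time is never deleted; and a /24 ban takes out every host in that block, so review range entries rather than adding one for each offender.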