Riz*_*aan 3 server firewall fail2ban
I need to know which program, or which specific rule, is banning my IP, because this happens frequently while I am programming. It bans my router's internal IP, since I connect over the LAN. After about 10 minutes it unbans the IP again. I need to know what is doing this.

Here is the kernel log:
Jul 24 12:40:35 buntubox-001 kernel: [68405.371388] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:42:40 buntubox-001 kernel: [68530.812091] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:44:46 buntubox-001 kernel: [68656.252761] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:46:51 buntubox-001 kernel: [68781.693450] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:48:56 buntubox-001 kernel: [68907.134130] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:51:02 buntubox-001 kernel: [69032.574810] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:53:07 buntubox-001 kernel: [69158.015484] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:55:13 buntubox-001 kernel: [69283.456341] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:57:18 buntubox-001 kernel: [69408.896851] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:59:24 buntubox-001 kernel: [69534.337509] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:01:29 buntubox-001 kernel: [69659.778153] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:03:35 buntubox-001 kernel: [69785.218879] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:05:40 buntubox-001 kernel: [69910.659585] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:07:45 buntubox-001 kernel: [70036.100269] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:09:51 buntubox-001 kernel: [70161.540931] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:11:56 buntubox-001 kernel: [70286.981572] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:14:02 buntubox-001 kernel: [70412.422228] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:16:07 buntubox-001 kernel: [70537.862891] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:18:13 buntubox-001 kernel: [70663.303475] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:20:18 buntubox-001 kernel: [70788.744104] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Here is the fail2ban log:
2017-07-24 06:25:17,215 fail2ban.server [1219]: INFO rollover performed on /var/log/fail2ban.log
2017-07-24 06:25:50,566 fail2ban.filter [1219]: INFO Log rotation detected for /var/log/auth.log
2017-07-24 06:27:31,632 fail2ban.filter [1219]: INFO [sshd] Found 177.129.242.80
2017-07-24 07:42:37,836 fail2ban.filter [1219]: INFO [sshd] Found 171.25.193.131
2017-07-24 07:44:27,693 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202
2017-07-24 07:44:27,760 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202
2017-07-24 08:17:01,802 fail2ban.filter [1219]: INFO [sshd] Found 119.193.140.164
2017-07-24 09:44:05,257 fail2ban.filter [1219]: INFO [sshd] Found 91.197.232.103
2017-07-24 13:09:25,355 fail2ban.filter [1219]: INFO [sshd] Found 218.68.140.168

And finally my iptables -L:
root@buntubox-001:/var/www/html# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

Thanks in advance.
The core problem here is multicast (according to your logs). IGMP stands for "Internet Group Management Protocol", a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group membership. On most networks this is unnecessary and can safely be ignored.
The IP address you see as the destination is the standard multicast address, 224.0.0.1. Your system is most likely trying to use IGMP; to avoid this, put a rule before the LOG rule that performs a DROP only on multicast packets. For example:
sudo iptables -I INPUT 1 -m pkttype --pkt-type multicast -j DROP
This will drop the traffic without triggering a log entry, which means Fail2Ban never sees a log message about it, so you can "drop" the traffic and F2B will ignore it, because it never learns about it from the logs.
(Note that if you use UFW, adding a rule like this may be harder, since UFW is not as versatile as working with iptables directly.)
Note that we have a PSAD box on Ubuntu on one of our client networks where we simply silently drop multicast traffic, because we do not really care about IGMP/multicast traffic on the networks we monitor; we only trigger on other traffic we do not expect (for example, our regular network scanner, which we use to identify rogue systems that are not ours, is whitelisted and "dropped" earlier in the ruleset so that PSAD and F2B do not see it).
Related external resource: https://ubuntuforums.org/archive/index.php/t-2231716.html
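An added example, not part of the question or of the answer above, that applies the answer's point to the question's own kernel log: it parses `[UFW BLOCK]` lines into their key=value fields and separates multicast and broadcast destinations (the IGMP noise the answer's `pkttype` rule would silence) from unicast blocks that still deserve a look. The sample lines are constructed after the question's entries; the `PROTO=2` field and the extra unicast line are assumptions, since the pasted lines were cut off after `TOS=`.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample modelled on the question's [UFW BLOCK] lines: two IGMP
# reports to 224.0.0.1 (PROTO=2 assumed) plus one made-up unicast block.
SAMPLE_LOG = """\
Jul 24 12:40:35 buntubox-001 kernel: [68405.371388] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0 PROTO=2
Jul 24 12:42:40 buntubox-001 kernel: [68530.812091] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0 PROTO=2
Jul 24 12:43:10 buntubox-001 kernel: [68560.000000] [UFW BLOCK] IN=enp2s0 OUT= MAC=aa:bb:cc:dd:ee:ff:d8:50:e6:ce:a9:f0:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PROTO=TCP SPT=51234 DPT=23
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value tokens; OUT= yields ''


def parse_ufw_block(line):
    """Return the key=value fields after '[UFW BLOCK]', or None for other lines."""
    if "[UFW BLOCK]" not in line:
        return None
    _, _, tail = line.partition("[UFW BLOCK]")
    return dict(FIELD_RE.findall(tail))


def classify(fields):
    """multicast (224.0.0.0/4), broadcast (255.255.255.255) or unicast."""
    dst = ip_address(fields["DST"])
    if dst.is_multicast:
        return "multicast"
    if str(dst) == "255.255.255.255":
        return "broadcast"
    return "unicast"


def summarize(log_text):
    """Count blocks per class; list unicast ones as (src, dst, proto, dpt)."""
    counts = Counter()
    unicast = []
    for line in log_text.splitlines():
        fields = parse_ufw_block(line)
        if fields is None:
            continue
        kind = classify(fields)
        counts[kind] += 1
        if kind == "unicast":
            unicast.append((fields["SRC"], fields["DST"],
                            fields.get("PROTO", "?"), fields.get("DPT", "-")))
    return counts, unicast


if __name__ == "__main__":
    counts, unicast = summarize(SAMPLE_LOG)
    print(dict(counts), unicast)  # {'multicast': 2, 'unicast': 1} [...]
```

Run it over the real log (`journalctl -k` or `/var/log/kern.log`) to see how much of the `[UFW BLOCK]` volume is multicast noise before deciding whether a silent DROP ahead of the LOG rule is appropriate.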
Views: 1273