gio*_*o79 9 fail2ban firewalld
我有带 firewalld 的 CentOS 7。我安装了 fail2ban 并使用 firewallcmd-new 操作。我在fail2ban 日志中看到禁止,如果它们被阻止,我想检查firewallcmd。我该怎么做?
Mic*_*ton 11
首先,我强烈建议您使用,banaction = firewallcmd-ipset因为当禁止列表开始变大时,这将提供更好的性能。
现在,使用fail2ban 的任何firewalld 操作,它都会添加一个直接规则,您可以使用firewall-cmd --direct --get-all-rules以下命令进行检查:
# firewall-cmd --direct --get-all-rules
ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable
ipv4 filter INPUT 0 -p tcp -m multiport --dports 0:65535 -m set --match-set fail2ban-nginx-http-auth src -j REJECT --reject-with icmp-port-unreachable
ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-nginx-wordpress-login src -j REJECT --reject-with icmp-port-unreachable
如您所见,我使用的是firewallcmd-ipset,因此此处未列出实际禁止的 IP 地址。相反,我发现它们具有ipset list:
# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Size in memory: 16528
References: 1
Members:
Name: fail2ban-nginx-http-auth
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Size in memory: 16528
References: 1
Members:
Name: fail2ban-nginx-wordpress-login
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 86400
Size in memory: 40656
References: 1
Members:
108.62.172.244 timeout 70819
108.62.172.121 timeout 82750
212.252.164.233 timeout 69907
108.62.24.87 timeout 58024
23.19.127.20 timeout 84310
### many more omitted...