分类: LINUX
2012-01-13 10:12:08
添加一个新action:
cp /action.d/iptables.conf /action.d/iptables-subnet.conf
修改/action.d/iptables-subnet.conf
actionban = iptables
-I fail2ban-
actionunban =
iptables -D fail2ban-
在ip选项的后面加上/24
这样在添加 iptables 规则的时候，就会对该地址所在的整个 /24 网段进行封锁。
创建一个新filter.d
[root@CentOS6-78 fail2ban]# cat filter.d/manually.conf
[Definition]
failregex =
在jail.conf添加一个规则:
[manually-ip]
enabled = true
filter = manually
action = iptables[name=httpd, port=80, protocol=tcp]
logpath = /etc/fail2ban/manually-ip
maxretry = 1
[manually-subnet]
enabled = true
filter = manually
action = iptables-subnet[name=httpd, port=80, protocol=tcp]
logpath = /etc/fail2ban/manually-subnet
maxretry = 1
新建一个脚本:
[root@CentOS6-78 fail2ban]# cat fail2ban
#!/bin/bash
# Command-line arguments, kept in script-level globals for fail2ban() below:
#   $1 - address to ban
#   $2 - "ip" or "subnet" (which jail to use)
#   $3 - "day" or "hour" (ban length)
ip="$1"
value="$2"
time="$3"
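#######################################
# Ban one host, or its /24 network, for a day or an hour via fail2ban.
#
# Reads the script-level globals set from the command line:
#   ip    - IPv4 address to ban (the manually-subnet jail widens it to /24)
#   value - "ip" or "subnet": selects the jail (manually-ip / manually-subnet)
#   time  - "day" (bantime 86400 s) or "hour" (bantime 3600 s)
#
# The ban is performed by fail2ban itself: the jail's bantime is set first,
# then the address plus a timestamp is appended to the jail's logpath, where
# the jail's filter picks it up (maxretry = 1 in jail.conf).
# NOTE(review): "fail2ban-client set <jail> bantime" changes the bantime for
# every later ban in that jail, not only this one -- confirm that is intended.
# NOTE(review): with the subnet jail a mistyped address bans 256 hosts, which
# is why the address is validated before anything is written.
#
# Exits 0 on success; exits 1 on a bad argument or when fail2ban-client fails
# (nothing is appended to the log in either error case).
#######################################
fail2ban()
{
  local jail logfile secs
  # Validate the address before touching fail2ban: an empty or malformed value
  # would otherwise be appended to the log and handed to the jail's filter.
  if [[ ! "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "The 1st parameter must be an IPv4 address" >&2
    exit 1
  fi
  case "$value" in
    ip)
      jail=manually-ip
      logfile=/etc/fail2ban/manually-ip
      ;;
    subnet)
      jail=manually-subnet
      logfile=/etc/fail2ban/manually-subnet
      ;;
    *)
      echo "The 2nd parameter must be \"ip\" or \"subnet\"" >&2
      exit 1
      ;;
  esac
  case "$time" in
    day)  secs=86400 ;;
    hour) secs=3600 ;;
    *)
      echo "The 3rd parameter must be \"day\" or \"hour\"" >&2
      exit 1
      ;;
  esac
  # Do not silently record a ban that fail2ban never acknowledged.
  if ! /usr/bin/fail2ban-client set "$jail" bantime "$secs" >/dev/null; then
    echo "fail2ban-client failed to set bantime for jail $jail" >&2
    exit 1
  fi
  # Same line format as before: "<address> <date output>".
  printf '%s %s\n' "$ip" "$(date)" >> "$logfile"
  exit 0
}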
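# Entry point: exactly three arguments are required (address, ip|subnet, day|hour).
case "$#" in
  3 )
    fail2ban
    ;;
  * )
    # printf interprets the \n escapes (echo would print them literally);
    # a usage error goes to stderr and exits non-zero so callers can detect it.
    printf 'Usage:\nfail2ban 192.168.2.137 ip day\nfail2ban 192.168.2.0 subnet hour\n' >&2
    exit 1
    ;;
esac
exit 0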