Category: LINUX

2012-01-13 10:12:08

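Add a new action

cp /action.d/iptables.conf /action.d/iptables-subnet.conf

Edit /action.d/iptables-subnet.conf:

actionban = iptables -I fail2ban-<name> 1 -s <ip>/24 -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip>/24 -j DROP

Append /24 after the <ip> tag. The iptables rule that fail2ban adds will then block the whole /24 network containing the address instead of a single host.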

Create a new filter in filter.d

[root@CentOS6-78 fail2ban]# cat filter.d/manually.conf
[Definition]
failregex = <HOST>

Add rules to jail.conf:

[manually-ip]
enabled  = true
filter   = manually
action   = iptables[name=httpd, port=80, protocol=tcp]
logpath  = /etc/fail2ban/manually-ip
maxretry = 1

[manually-subnet]
enabled  = true
filter   = manually
action   = iptables-subnet[name=httpd, port=80, protocol=tcp]
logpath  = /etc/fail2ban/manually-subnet
maxretry = 1

Create a new script:

[root@CentOS6-78 fail2ban]# cat fail2ban
#!/bin/bash

ip=$1       # address to ban
value=$2    # scope: "ip" or "subnet"
time=$3     # duration: "day" or "hour"

# Note: "fail2ban-client set <jail> bantime" changes the ban time of the
# whole jail, so it also applies to every later ban in that jail.
fail2ban()
{
if [ "$value" = "ip" ]; then
        if [ "$time" = "day" ]; then
                /usr/bin/fail2ban-client set manually-ip bantime 86400 >/dev/null
                echo "$ip" $(date) >> /etc/fail2ban/manually-ip
                exit 0
        elif [ "$time" = "hour" ]; then
                /usr/bin/fail2ban-client set manually-ip bantime 3600 >/dev/null
                echo "$ip" $(date) >> /etc/fail2ban/manually-ip
                exit 0
        else
                echo "The 3rd parameter must be \"day\" or \"hour\""
                exit 1
        fi
elif [ "$value" = "subnet" ]; then
        if [ "$time" = "day" ]; then
                /usr/bin/fail2ban-client set manually-subnet bantime 86400 >/dev/null
                echo "$ip" $(date) >> /etc/fail2ban/manually-subnet
                exit 0
        elif [ "$time" = "hour" ]; then
                /usr/bin/fail2ban-client set manually-subnet bantime 3600 >/dev/null
                echo "$ip" $(date) >> /etc/fail2ban/manually-subnet
                exit 0
        else
                echo "The 3rd parameter must be \"day\" or \"hour\""
                exit 1
        fi
else
        echo "The 2nd parameter must be \"ip\" or \"subnet\""
        exit 1
fi
}

case "$#" in
        3 ) fail2ban
        ;;
        # wrong number of arguments: print usage and fail
        * ) printf "Usage: \nfail2ban 192.168.2.137 ip day\nfail2ban 192.168.2.0 subnet hour\n"
            exit 1
        ;;
esac
exit 0
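The script above appends its first argument to the jail's log file without checking it, and the subnet jail turns one address into a block on 256. The following pre-flight check is an added example written for this page, not the author's code: it validates the IPv4 argument and refuses a ban whose address or /24 would cover an operator address. The function names and the ADMIN_IPS allow-list are hypothetical, and all addresses are constructed samples.

```shell
#!/bin/sh
# Added example: pre-flight checks before a manual fail2ban ban.
# ADMIN_IPS is a hypothetical allow-list; the addresses are constructed samples.
ADMIN_IPS="192.168.2.10 10.0.0.5"

# Return 0 if $1 is a dotted-quad IPv4 address, octets 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the /24 network that "-s <ip>/24" in iptables-subnet covers for $1.
net24() {
    echo "${1%.*}.0/24"
}

# Return 0 if banning $1 with scope $2 (ip|subnet) would block an admin address.
hits_admin() {
    for admin in $ADMIN_IPS; do
        if [ "$2" = "subnet" ]; then
            [ "${admin%.*}" = "${1%.*}" ] && return 0
        else
            [ "$admin" = "$1" ] && return 0
        fi
    done
    return 1
}

# Print what would be blocked. Returns 0 ok, 1 bad input, 2 self-lockout.
check_ban() {
    valid_ipv4 "$1" || { echo "invalid IPv4: $1" >&2; return 1; }
    case "$2" in ip|subnet) ;; *) echo "bad scope: $2" >&2; return 1 ;; esac
    if hits_admin "$1" "$2"; then
        echo "refusing: ban would cover an admin address" >&2
        return 2
    fi
    if [ "$2" = "subnet" ]; then net24 "$1"; else echo "$1"; fi
}
```

In the script above, the call would go before the echo that appends to /etc/fail2ban/manually-ip or /etc/fail2ban/manually-subnet, so a rejected request never reaches the file fail2ban is watching.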

 

 

 
