Fail2Ban - IP Adressen speichern (Linux)
Noch in Bearbeitung
Regeln speichern und wiederherstellen
Skripte
sudo mkdir -p /mnt/synology/mail1/fail2ban/scripts sudo mkdir /mnt/synology/mail1/fail2ban/data
speichern
sudo vi /mnt/synology/mail1/fail2ban/scripts/export_recidive_set.sh
#!/bin/bash if [[ -z $1 ]] then echo "Usage: `basename $0` <output file>"; exit fi sudo nft list set ip fail2ban f2b-recidive > $1
wiederherstellen
sudo vi /mnt/synology/mail1/fail2ban/scripts/import_recidive_set.sh
#!/bin/bash if [[ -z $1 ]] || ! [[ -f $1 ]] then echo "Usage: `basename $0` <input file>"; exit fi sudo nft flush set ip fail2ban f2b-recidive; RECIDIVE_SET=`sed -e '/elements =/,/}/!d' $1`; if [[ -n $RECIDIVE_SET ]] then sudo nft add set ip fail2ban f2b-recidive { type ipv4_addr \; $RECIDIVE_SET \; }; fi
sudo chmod 770 /mnt/synology/mail1/fail2ban/scripts/*.sh
Konfiguration
sudo vi /etc/fail2ban/action.d/nftables-multiport.conf
[Definition] ... # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # actionstop = /opt/fail2ban/scripts/export_recidive_set.sh /opt/fail2ban/data/recidive.txt # Option: actionstart # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # actionstart = /opt/fail2ban/scripts/imxport_recidive_set.sh /opt/fail2ban/data/recidive.txt
Links
https://manpages.debian.org/testing/nftables/nft.8.en.html
https://wiki.ubuntuusers.de/fail2ban/
Temp
table ip fail2ban { set f2b-sasl { type ipv4_addr } set f2b-recidive { type ipv4_addr elements = { 45.125.65.52, 46.38.148.22, 46.38.150.47, 46.38.150.72, 46.38.150.132, 141.98.10.192, 141.98.10.208, 185.143.72.16, 185.143.72.25, 185.143.73.58, 185.143.73.93, 185.143.73.148, 185.143.73.162, 185.143.73.175, 185.143.73.203, 185.143.75.81, 185.143.75.153, 185.234.218.83 } } chain input { type filter hook input priority 100; policy accept; meta l4proto 0-255 ip saddr @f2b-recidive drop tcp dport { smtp, pop3, imap2, imap3, submission, imaps, pop3s } ip saddr @f2b-sasl drop } }
Links
https://arno0x0x.wordpress.com/2015/12/30/fail2ban-permanent-persistent-bans/
Zurück zu Fail2Ban