Fail2Ban - Saving IP Addresses (Linux)

From Tutorials
Revision as of 9 July 2020, 22:20 by Martin Kirner

Work in progress


Saving and restoring rules

Scripts

sudo mkdir -p /mnt/synology/mail1/fail2ban/scripts
sudo mkdir /mnt/synology/mail1/fail2ban/data

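Save

sudo vi /mnt/synology/mail1/fail2ban/scripts/export_recidive_set.sh
#!/bin/bash

# Require the output file as the first argument.
if [[ -z $1 ]]
then
  echo "Usage: $(basename "$0") <output file>"
  exit 1
fi

# Write the current f2b-recidive set, including its elements, to the file.
sudo nft list set ip fail2ban f2b-recidive > "$1"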

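Restore

sudo vi /mnt/synology/mail1/fail2ban/scripts/import_recidive_set.sh
#!/bin/bash

# Require an existing input file as the first argument.
if [[ -z $1 ]] || ! [[ -f $1 ]]
then
  echo "Usage: $(basename "$0") <input file>"
  exit 1
fi

# Empty the set before re-adding the saved elements.
sudo nft flush set ip fail2ban f2b-recidive

# Extract the "elements = { ... }" block. The file is flattened first so the
# match ends at the block's own closing brace, even when all elements sit on one line.
RECIDIVE_SET=$(tr -d '\n' < "$1" | grep -o 'elements = {[^}]*}')

if [[ -n $RECIDIVE_SET ]]
then
  # $RECIDIVE_SET is left unquoted on purpose so nft receives separate tokens.
  sudo nft add set ip fail2ban f2b-recidive { type ipv4_addr \; $RECIDIVE_SET \; }
fi

sudo chmod 770 /mnt/synology/mail1/fail2ban/scripts/*.sh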
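
The import script hands the contents of the saved file to nft with root privileges, so it is worth validating the file first. The following is an added example, not part of the original page: it keeps only well-formed IPv4 addresses from the saved dump and builds an nft batch from them. The function names are hypothetical, and it assumes the set ip fail2ban f2b-recidive already exists.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes the set "ip fail2ban f2b-recidive" already exists, as the original
# import script does when it flushes the set.

# Succeed only for a dotted quad whose four octets are each 0-255.
# The body runs in a subshell so the IFS change stays local.
is_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Print each valid address from the "elements = { ... }" block of a file
# written by `nft list set`, one per line; report anything else on stderr.
extract_ipv4() {
  sed -e '/elements =/,/}/!d' -e 's/.*elements = {//' -e 's/}.*//' "$1" |
    tr ', \t' '\n\n\n' |
    while IFS= read -r token; do
      [ -n "$token" ] || continue
      if is_ipv4 "$token"; then
        printf '%s\n' "$token"
      else
        printf 'skipping invalid element: %s\n' "$token" >&2
      fi
    done
}

# Emit an nft batch that replaces the set contents with the validated addresses.
# Usage: build_nft_batch /opt/fail2ban/data/recidive.txt | sudo nft -f -
build_nft_batch() {
  addrs=$(extract_ipv4 "$1" | paste -sd, -)
  printf 'flush set ip fail2ban f2b-recidive\n'
  if [ -n "$addrs" ]; then
    printf 'add element ip fail2ban f2b-recidive { %s }\n' "$addrs"
  fi
}
```

nft applies a file passed with -f as a single transaction, so a batch that is rejected leaves the existing set unchanged.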

Configuration

sudo vi /etc/fail2ban/action.d/nftables-common.conf 
[Definition]

...

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = /opt/fail2ban/scripts/export_recidive_set.sh /opt/fail2ban/data/recidive.txt

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = /opt/fail2ban/scripts/import_recidive_set.sh /opt/fail2ban/data/recidive.txt

Links

https://manpages.debian.org/testing/nftables/nft.8.en.html

https://wiki.ubuntuusers.de/fail2ban/

Temp

table ip fail2ban {
	set f2b-sasl {
		type ipv4_addr
	}

	set f2b-recidive {
		type ipv4_addr
		elements = { 45.125.65.52, 46.38.148.22,
			     46.38.150.47, 46.38.150.72,
			     46.38.150.132, 141.98.10.192,
			     141.98.10.208, 185.143.72.16,
			     185.143.72.25, 185.143.73.58,
			     185.143.73.93, 185.143.73.148,
			     185.143.73.162, 185.143.73.175,
			     185.143.73.203, 185.143.75.81,
			     185.143.75.153, 185.234.218.83,
			     89.248.168.2, 212.70.149.3 }
	}

	chain input {
		type filter hook input priority 100; policy accept;
		meta l4proto 0-255 ip saddr @f2b-recidive drop
		tcp dport { smtp, pop3, imap2, imap3, submission, imaps, pop3s } ip saddr @f2b-sasl drop
	}
}

Links

https://arno0x0x.wordpress.com/2015/12/30/fail2ban-permanent-persistent-bans/

