
How to permanently ban IPs with Fail2ban

MirDaTe 2022. 4. 9. 15:10

Edit the jail.conf file

================

/etc/fail2ban/jail.conf

bantime = -1

 

touch /etc/fail2ban/ip.blacklist

cd /etc/fail2ban/action.d/

cp iptables-multiport.conf iptables-multiport.conf.backup

 

vi iptables-multiport.conf

==========================

....
....
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            echo <ip> >> /etc/fail2ban/ip.blacklist

....
....

actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done

 

Restart fail2ban

===============

service fail2ban restart

 

Verify that iptables is working

================

iptables -L -v -n

 

Removing a ban

=========

Delete the IP from ip.blacklist, then run:

/etc/init.d/fail2ban restart
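
The manual edit of ip.blacklist can be scripted. The following is an added example, not part of the original post: it removes an address by exact line match and strips duplicate or malformed lines from ip.blacklist, since the actionban above appends unconditionally and actionstart passes every line to iptables. The function names and the BLACKLIST variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Maintains the ip.blacklist file
# that the modified actionstart feeds to iptables.
# BLACKLIST defaults to the path used on this page; override it to test safely.
BLACKLIST="${BLACKLIST:-/etc/fail2ban/ip.blacklist}"

# Read lines on stdin; print each valid IPv4 address once, in first-seen order.
filter_ipv4() {
    awk '
        { gsub(/[ \t\r]/, "") }
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($0, o, "."); ok = 1
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (ok && !seen[$0]++) print
        }'
}

# Succeed only if $1 is exactly one dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    [ "$(printf '%s\n' "$1" | filter_ipv4)" = "$1" ]
}

# Rewrite the blacklist without duplicates or malformed lines.
blacklist_clean() {
    tmp=$(mktemp "${BLACKLIST}.XXXXXX") || return 1
    if filter_ipv4 < "$BLACKLIST" > "$tmp"; then
        mv "$tmp" "$BLACKLIST"
    else
        rm -f "$tmp"; return 1
    fi
}

# Remove one address by exact line match (192.0.2.5 must not hit 192.0.2.50).
blacklist_remove() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    tmp=$(mktemp "${BLACKLIST}.XXXXXX") || return 1
    grep -vxF -- "$1" "$BLACKLIST" > "$tmp" || [ "$?" -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    mv "$tmp" "$BLACKLIST"
}

# Usage: script clean | script remove <ip>   (then restart fail2ban)
case "${1:-}" in
    clean)  blacklist_clean ;;
    remove) blacklist_remove "${2:-}" ;;
esac
```

Run clean before remove if the file was edited by hand, since the exact-match removal does not match lines with stray whitespace.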

 

 

Reference

http://katselphrime.com/2015/01/22/how-to-make-fail2ban-ip-bans-persistent/