IPs not being blocked by iptables/fail2ban despite "already banned" messages

Question  Votes: 0  Answers: 0

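I am using the old iptables v1.4.7 together with fail2ban. However, I see "already banned" messages in the log, and I can't figure out why they still reach my server and are not blocked, even though they are listed in f2b-ASTERISK as shown below. This is what it currently looks like; do you see any reason, at first glance, why these filters are not working? I checked other answers, but they didn't reveal anything. Here is the output: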

[root@server bin]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-ASTERISK  udp  --  anywhere             anywhere            udp dpt:sip
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "friendly-scanner" ALGO name bm TO 65535
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "VaxSIPUserAgent" ALGO name bm TO 65535
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "VaxIPUserAgent" ALGO name bm TO 65535
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "sundayddr" ALGO name bm TO 65535
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "sipsak" ALGO name bm TO 65535
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "sipvicious" ALGO name bm TO 65535
DROP       udp  --  anywhere             anywhere            udp dpt:sip STRING match "iWar" ALGO name bm TO 65535
...
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2346 flags:0x17/0x02 limit: avg 1/min burst 3
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2346 flags:0x17/0x02
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW
DROP       all  -f  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x3F
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 5/sec burst 5
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5060
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:5060
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:4569
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:10000:20000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 flags:0x17/0x02 limit: avg 100/sec burst 100
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 flags:0x17/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5666

...

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-ASTERISK (1 references)
target     prot opt source               destination
DROP       all  --  ip16.ip-54-37-90.eu  anywhere
DROP       all  --  207.231.108.225      anywhere
...

fail2ban.log:

2023-04-23 09:50:30,881 fail2ban.actions        [26615]: NOTICE  [asterisk-iptables] 193.32.162.159 already banned

When looking up the IP, it is listed in f2b-ASTERISK:

[root@server bin]# iptables -L -n | grep "193.32.162.159"
DROP       all  --  193.32.162.159       0.0.0.0/0
iptables fail2ban
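
One check that can be run on a listing like the one in the question, as an added example that is not part of the original post: it reports which ACCEPT rules in INPUT are not preceded by a jump to the fail2ban chain covering the same protocol and destination port. The sample listing is constructed, the function names are hypothetical, and only protocol and dport are compared (interface, source and state matches are ignored).

```python
import re

# Constructed `iptables -L INPUT -n` listing modelled on the question's rules.
# Use -n: named ports such as "dpt:sip" are not parsed here.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-ASTERISK  udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:5060
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5060
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:5060
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:4569
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:10000:20000
"""

def parse_rules(listing):
    """Return rules in listing order: target, prot, (lo, hi) dport range, text."""
    rules = []
    for line in listing.splitlines():
        f = line.split(None, 5)
        if len(f) < 5 or f[0] in ("Chain", "target"):
            continue  # chain header, column header or blank line
        m = re.search(r"dpts?:(\S+)", f[5] if len(f) > 5 else "")
        # No dport match means the rule applies to every port.
        lo, _, hi = m.group(1).partition(":") if m else ("0", ":", "65535")
        rules.append({"target": f[0], "prot": f[1],
                      "ports": (int(lo), int(hi or lo)),
                      "text": " ".join(line.split())})
    return rules

def covers(jump, rule):
    """True if the jump's protocol and dport range include the rule's."""
    if jump["prot"] not in ("all", rule["prot"]):
        return False
    (jlo, jhi), (rlo, rhi) = jump["ports"], rule["ports"]
    return jlo <= rlo and rhi <= jhi

def unguarded_accepts(listing, chain="f2b-ASTERISK"):
    """ACCEPT rules a banned source can reach without traversing `chain`."""
    jumps, gaps = [], []
    for rule in parse_rules(listing):
        if rule["target"] == chain:
            jumps.append(rule)  # only jumps listed before an ACCEPT protect it
        elif rule["target"] == "ACCEPT" and not any(covers(j, rule) for j in jumps):
            gaps.append(rule["text"])
    return gaps

if __name__ == "__main__":
    for text in unguarded_accepts(SAMPLE):
        print("not behind f2b-ASTERISK:", text)
```

In the listing above, the jump to f2b-ASTERISK is restricted to udp dpt:sip, so rules such as ACCEPT tcp dpt:5060 are evaluated without consulting the ban list.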