
Fail2ban iptables

  1. By default, Fail2ban blocks sources that match a rule with the iptables REJECT target. To use DROP instead, edit iptables-common.conf and set blocktype to DROP.
    [root@mail ~]# vim /etc/fail2ban/action.d/iptables-common.conf 
    [root@mail ~]# grep -A1 '#blocktype' /etc/fail2ban/action.d/iptables-common.conf
    #blocktype = REJECT --reject-with icmp-port-unreachable
    blocktype = DROP
    
  2. Reload Fail2ban.
    [root@mail ~]# /etc/init.d/fail2ban reload
    Reloading fail2ban:
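
To confirm after the reload that ban rules really use DROP, the following added example (not part of the original page) summarises the targets used in Fail2ban chains from `iptables -S` output. It assumes chains are named f2b-<jail> or fail2ban-<jail>; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which target Fail2ban ban rules use.
# Assumption: chains are named f2b-<jail> (fail2ban-<jail> on older releases).
# Reads `iptables -S` text on stdin; prints "<chain> <target> <count>" lines.
f2b_ban_targets() {
    awk '
        # A ban rule looks like: -A f2b-sshd -s 192.0.2.10/32 -j DROP
        $1 == "-A" && ($2 ~ /^f2b-/ || $2 ~ /^fail2ban-/) {
            src = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = 1
                if ($i == "-j") target = $(i + 1)
            }
            # The chain-ending "-j RETURN" rule has no -s match; skip it.
            if (src && target != "") count[$2 " " target]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Exit status 0 only when every ban rule on stdin uses the wanted target.
f2b_all_bans_use() {
    wanted=$1
    f2b_ban_targets | awk -v w="$wanted" '$2 != w { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample in `iptables -S` format (documentation addresses only):
# one jail already on DROP, one still carrying a REJECT ban rule.
SAMPLE_RULES='-P INPUT ACCEPT
-N f2b-sshd
-N f2b-postfix
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
-A f2b-sshd -s 192.0.2.10/32 -j DROP
-A f2b-sshd -s 198.51.100.7/32 -j DROP
-A f2b-sshd -j RETURN
-A f2b-postfix -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-postfix -j RETURN'

printf '%s\n' "$SAMPLE_RULES" | f2b_ban_targets
if printf '%s\n' "$SAMPLE_RULES" | f2b_all_bans_use DROP; then
    echo "all ban rules use DROP"
else
    echo "some ban rules do not use DROP"
fi
```

On a live host, run it as root with `iptables -S | f2b_all_bans_use DROP` in place of the sample.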
    


De-Yu Wang 2020-05-19