【发布时间】:2021-02-26 20:55:25
【问题描述】:
已按照本教程在 CentOS 8 上设置了 fail2ban 服务:https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/。
我已经按照上面的教程进行了类似的设置,如下所示:
[DEFAULT]
# Ban IP/hosts for 24 hour ( 24h*3600s = 86400s):
bantime = 86400
# An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 1200
maxretry = 3
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator. For example, add your
# static IP address that you always use for login such as 103.1.2.3
#ignoreip = 127.0.0.1/8 ::1 103.1.2.3
# Call iptables to ban IP address
banaction = iptables-multiport
# Enable sshd protection
[sshd]
enabled = true
我希望一个IP在被临时禁止3次后被永久禁止。该怎么做?
【问题讨论】:
标签: centos customization fail2ban