I kept running into the same problem: after a password change the client isn't updated in time, the client's IP is banned almost immediately, and even after restarting iptables fail2ban puts it straight back into the ban list. So I worked out the following approach.
iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-dovecot  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap,imaps,submission,urd,sieve
fail2ban-dovecot-auth  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap,imaps,submission,urd,sieve
fail2ban-sendmail-smtp  tcp  --  anywhere             anywhere             multiport dports smtp
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
:
:
Chain fail2ban-dovecot-auth (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sendmail-smtp (1 references)
target     prot opt source               destination
REJECT     all  --  192.168.0.120        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  176.61.137.108       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
fail2ban-client get sendmail-smtp actionunban 192.168.0.120
ERROR NOK: ('Invalid Action name',) 'Invalid Action name'

The error is expected: "get <jail> actionunban <action>" prints the unban command template of a named action, so fail2ban tries to look up an action called 192.168.0.120 and finds none. The command that actually lifts a ban is "fail2ban-client set sendmail-smtp unbanip 192.168.0.120" (available from fail2ban 0.8.8 onwards); on an older release the rule has to be removed from the jail's chain by hand, which is what follows.
Rule 1 is the 192.168.0.120 entry in the listing above. Rule positions shift as bans come and go, so confirm the number with "iptables --list --line-numbers" before deleting by index.

iptables -D fail2ban-sendmail-smtp 1
iptables --list
:
:
Chain fail2ban-sendmail-smtp (1 references)
target     prot opt source               destination
REJECT     all  --  176.61.137.108       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
vi /etc/fail2ban/jail.conf
:
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 192.168.0.124/24
:

Two things to be aware of with this entry. fail2ban masks 192.168.0.124/24 to the 192.168.0.0/24 network, so it does cover the banned client 192.168.0.120, but it also exempts every other host on that LAN from every jail; if only the one client should be exempt, list its address alone (192.168.0.120 or 192.168.0.120/32). ignoreip only prevents future bans; it is not what removed the existing rule, the iptables -D above did that. Edits made directly in jail.conf are overwritten on upgrade; the same [DEFAULT] override belongs in /etc/fail2ban/jail.local, which fail2ban reads after jail.conf.
service fail2ban reload
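The two manual steps above, the unban and the ignoreip change, as an added shell example that is not part of the original post: it asks fail2ban to lift the ban first, falls back to deleting the iptables rule by a looked-up number rather than a guessed one, and checks that an ignoreip value really covers the client before the config is reloaded. It assumes (my assumptions, not the post's) fail2ban 0.8.8 or later so that "fail2ban-client set <jail> unbanip <ip>" exists, a chain named fail2ban-<jail> as in the listing above, and root privileges when it touches iptables. The chain listing embedded in the script is constructed to match the post's chain so the lookup can be run offline.

```shell
#!/bin/sh
# Added example, not from the original post: lift a fail2ban ban without guessing
# iptables rule positions, and check an ignoreip value before reloading fail2ban.
# Assumptions (mine, not the post's): fail2ban 0.8.8 or later, so that
# "fail2ban-client set <jail> unbanip <ip>" exists; the jail's chain is named
# fail2ban-<jail>; the script runs as root whenever it touches iptables.

# Constructed sample of "iptables -L fail2ban-sendmail-smtp -n --line-numbers"
# reproducing the chain shown in the post, so the lookup can be run offline.
SAMPLE_CHAIN='Chain fail2ban-sendmail-smtp (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  192.168.0.120        0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  176.61.137.108       0.0.0.0/0            reject-with icmp-port-unreachable
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# rule_numbers_for_ip LISTING IP: print the rule numbers whose source column is IP.
# "iptables -D <chain> 1" only works while the wanted rule happens to be first;
# looking the number up makes the deletion exact.
rule_numbers_for_ip() {
    printf '%s\n' "$1" | awk -v ip="$2" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1 }'
}

# unban_ip JAIL IP: ask fail2ban first; if that fails (older version, or a rule
# added outside fail2ban), delete the rules from the jail's chain, highest
# number first so the remaining numbers stay valid while deleting.
unban_ip() {
    jail=$1
    ip=$2
    if fail2ban-client set "$jail" unbanip "$ip" >/dev/null 2>&1; then
        echo "unbanned $ip in jail $jail via fail2ban-client"
        return 0
    fi
    listing=$(iptables -L "fail2ban-$jail" -n --line-numbers) || return 1
    nums=$(rule_numbers_for_ip "$listing" "$ip" | sort -rn)
    if [ -z "$nums" ]; then
        echo "no rule for $ip in chain fail2ban-$jail" >&2
        return 1
    fi
    for n in $nums; do
        iptables -D "fail2ban-$jail" "$n" || return 1
    done
    echo "deleted iptables rule(s) for $ip from chain fail2ban-$jail"
}

# ignoreip_covers "IGNOREIP" IP: succeed if IP falls inside any entry of a
# space-separated ignoreip value. Entries are masked the way fail2ban masks
# them, so a host address with /24 matches its whole /24 network (the post's
# 192.168.0.124/24 therefore covers 192.168.0.120). IP and IP/CIDR entries
# only; DNS host names are not handled here.
ignoreip_covers() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function ip2n(s,  a) { split(s, a, "."); return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4] }
        function prefix(s, len) { return int(ip2n(s) / 2 ^ (32 - len)) }
        {
            for (i = 1; i <= NF; i++) {
                len = (split($i, e, "/") == 2) ? e[2] : 32
                if (prefix(e[1], len) == prefix(ip, len)) { found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }'
}

# Usage: sh unban.sh JAIL IP    (e.g. sh unban.sh sendmail-smtp 192.168.0.120)
# With no arguments, run the offline demonstration on the constructed sample.
if [ $# -eq 2 ]; then
    unban_ip "$1" "$2"
else
    echo "rule number(s) for 192.168.0.120 in sample chain: $(rule_numbers_for_ip "$SAMPLE_CHAIN" 192.168.0.120)"
    if ignoreip_covers "127.0.0.1/8 192.168.0.124/24" 192.168.0.120; then
        echo "192.168.0.120 is covered by ignoreip = 127.0.0.1/8 192.168.0.124/24"
    fi
fi
```

Run it without arguments to see the lookup against the sample chain; run it as "sh unban.sh sendmail-smtp 192.168.0.120" on the server to perform the real unban. ignoreip_covers is worth running against the value you are about to put in jail.conf or jail.local: it tells you whether the client is exempt, and trying it with a narrower entry such as 192.168.0.120/32 shows how much less of the network you can get away with whitelisting.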