cmd | Description |
---|---|
service fail2ban restart | restart the fail2ban service (after editing the configuration) |
fail2ban-client reload | reload fail2ban (re-reads the configuration) |
fail2ban-client status | list the active jails |
fail2ban-client status <JAIL> (examples: fail2ban-client status wplogin, fail2ban-client status sshd) | get a jail's status (the number of unsuccessful attempts and the list of banned IPs) |
fail2ban-regex /var/lib/docker/containers/<INSTANCE_ID>/<INSTANCE_ID>-json.log /etc/fail2ban/filter.d/wplogin.conf | test regex wplogin |
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf | test regex sshd |
fail2ban-regex "line" "failregex" | test a regex against a single log line |
fail2ban-client set <JAIL> unbanip <IP> | manually unban an IP |
fail2ban-client set <JAIL> banip <IP> | manually ban an IP |
tail -f /var/log/fail2ban.log | view fail2ban logs |
iptables -L --line-numbers | list blocked IPs with line numbers |
iptables -D <Jail-Name> -s <IP> -j DROP (examples: Jail-Name = f2b-wplogin, Jail-Name = f2b-sshd) | unban an IP |
fail2ban-server -b | start fail2ban server |
docker inspect --format='{{.LogPath}}' $INSTANCE_ID | return the instance's log file path |
Jail.local
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
action.d
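[Definition]
# Create the jail's chain and hook it into FORWARD for port 80 traffic
actionstart = iptables -N f2b-wplogin
              iptables -A f2b-wplogin -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 80 -j f2b-wplogin
# Unhook the chain from FORWARD, then flush and delete it
actionstop = iptables -D FORWARD -p tcp -m multiport --dports 80 -j f2b-wplogin
             iptables -F f2b-wplogin
             iptables -X f2b-wplogin
# Verify the chain is still referenced from FORWARD
actioncheck = iptables -n -L FORWARD | grep -q 'f2b-wplogin[ \t]'
# <ip> is the tag fail2ban replaces with the offending address
actionban = iptables -I f2b-wplogin 1 -s <ip> -j DROP
actionunban = iptables -D f2b-wplogin -s <ip> -j DROP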