—
Обсуждение тут
—
забанить:
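# Manual ban. The jail name is a required argument: bans are recorded per jail,
# and the unban command below must name the same jail.
sudo fail2ban-client set <jail_name> banip 1.2.3.4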
разбанить:
# Lifts the ban in the named jail only; if another jail has also banned the
# address, it stays blocked there until it is unbanned in that jail too.
sudo fail2ban-client set <jail_name> unbanip 1.2.3.4
status
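# Shows the jail's match/ban counters and the list of currently banned addresses;
# without a jail argument it lists the active jails.
# sudo added for consistency with the commands above: the client talks to the
# server socket, which is normally accessible to root only.
sudo fail2ban-client status <jail>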
filter and jail(ipt and nft):
/etc/fail2ban/filter.d/nginx-wp-xmlrpc.conf
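[Definition]
# Matches POST requests to xmlrpc.php in the nginx access log.
# The <HOST> tag and the "*" quantifiers were lost in the published listing;
# fail2ban refuses a failregex that has no host/failure-id group, so the filter
# cannot load without <HOST>.
# <HOST> is anchored at the start of the line, i.e. it is taken from the
# $remote_addr field and not from anything the client sends in the request.
# The bracketed time field may be empty at match time, because fail2ban cuts the
# timestamp it recognised out of the line before applying failregex.
# Check against real log lines with:
#   fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-wp-xmlrpc.conf
failregex = ^<HOST> - .* "POST \S*xmlrpc\.php HTTP/[^"]*"
ignoreregex =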
/etc/fail2ban/jail.d/nginx-wp-xmlrpc.local
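[nginx-wp-xmlrpc]
enabled = true
filter = nginx-wp-xmlrpc
port = http,https
logpath = /var/log/nginx/access.log
backend = auto
# Ban after 5 matching requests within findtime (seconds); the ban lasts bantime.
maxretry = 5
findtime = 600
bantime = 24h
# "name" must be unique per jail. The stock actions build their chain / set
# name from it (f2b-<name> for iptables, addr-set-<name> for nftables), so two
# jails with the same name share one set, and stopping either jail removes the
# rule and set the other one still relies on.
# Alternative for hosts that still use iptables:
#action = iptables-multiport[name=wp-xmlrpc, port="http,https"]
action = nftables[name=wp-xmlrpc, port="http,https", protocol=tcp, blocktype=drop]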
/etc/fail2ban/filter.d/nginx-wp-login.conf
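[Definition]
# Matches nginx error-log entries "access forbidden by rule" for WordPress
# login/admin paths on this site (i.e. requests already denied by an nginx rule).
# The <HOST> tag and the "*" quantifiers were lost in the published listing;
# fail2ban refuses a failregex that has no host/failure-id group.
# The prefix is spelled out instead of a leading ".*": the request, host and
# referrer fields that follow "client:" in the same log line are supplied by
# the client, and an unanchored prefix would let text from those fields be read
# as the client address, banning an address that never made the request.
# The timestamp is already removed by fail2ban when failregex is applied, so the
# line starts at the "[error]" level field.
# Check against real log lines with:
#   fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-wp-login.conf
failregex = ^\s*\[error\] \d+#\d+: \*\d+ access forbidden by rule, client: <HOST>, server: \S*my-handbook\.ru\S*, request: "(?:GET|POST) /(?:wp-login\.php|wp-admin/|wp-includes/|xmlrpc\.php)
ignoreregex =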
/etc/fail2ban/jail.d/nginx-wp-login.local
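[nginx-wp-login]
enabled = true
filter = nginx-wp-login
port = http,https
logpath = /var/log/nginx/error.log
backend = auto
# maxretry = 1: the first request that nginx denies on a WordPress login/admin
# path bans the client for bantime. Put the addresses that legitimately manage
# the site into ignoreip, otherwise one mistyped URL from a non-allowed address
# locks the administrator out for 24 hours.
maxretry = 1
findtime = 600
bantime = 24h
# "name" must be unique per jail. The stock actions build their chain / set
# name from it (f2b-<name> for iptables, addr-set-<name> for nftables), so two
# jails with the same name share one set, and stopping either jail removes the
# rule and set the other one still relies on.
# Alternative for hosts that still use iptables:
#action = iptables-multiport[name=wp-login, port="http,https", protocol=tcp, blocktype=DROP]
action = nftables[name=wp-login, port="http,https", protocol=tcp, blocktype=drop]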
/etc/fail2ban/filter.d/zabbix-nginx.conf
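[Definition]
# Matches POSTs to the Zabbix login page that were answered with status 200.
# Presumably 200 means the login form was shown again (failed login) and 302 is
# the redirect after a successful login - confirm against your Zabbix version.
# The <HOST> tag, the escaping of the brackets and the "*" quantifiers were lost
# in the published listing; fail2ban refuses a failregex that has no
# host/failure-id group.
# The bracketed time field may be empty at match time, because fail2ban cuts the
# timestamp it recognised out of the line before applying failregex.
# Check against real log lines with:
#   fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/zabbix-nginx.conf
failregex = ^<HOST> - - \[[^\]]*\] "POST /zabbix/index\.php HTTP/[^"]*" 200\b
# A 302 line can never match failregex above; kept as an explicit statement
# that successful logins are not counted.
ignoreregex = ^<HOST> - - \[[^\]]*\] "POST /zabbix/index\.php HTTP/[^"]*" 302\b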
/etc/fail2ban/jail.d/zabbix.local
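[zabbix-nginx]
enabled = true
filter = zabbix-nginx
port = http,https
logpath = /var/log/nginx/access.log
backend = auto
# maxretry = 1: a single failed login bans the client for bantime. List the
# addresses of administrators and monitoring hosts in ignoreip, otherwise one
# mistyped password blocks access to Zabbix for 24 hours.
maxretry = 1
findtime = 600
bantime = 24h
# The nftables action previously used name=WP, copied from the WordPress jails,
# while the commented iptables line already used the jail's own name.
# "name" must be unique per jail: the stock actions build their chain / set
# name from it (f2b-<name> for iptables, addr-set-<name> for nftables), so jails
# with the same name share one set, and stopping one of them removes the rule
# and set the others still rely on.
# Alternative for hosts that still use iptables:
#action = iptables-multiport[name=zabbix-nginx, port="http,https", protocol=tcp, blocktype=DROP]
action = nftables[name=zabbix-nginx, port="http,https", protocol=tcp, blocktype=drop]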