fail2ban command
常用指令表
| Cmd | Description |
|
service fail2ban restart systemctl restart fail2ban |
restart fail2ban service (after edit configuration) |
| fail2ban-client reload | restart fail2ban client |
| fail2ban-client status | get list activated jail |
| fail2ban-client status <JAIL> example: fail2ban-client status wplogin example: fail2ban-client status sshd |
get <JAIL> status (the number of unsuccessful attempts and the list of banned IPs) |
| fail2ban-regex /var/lib/docker/containers/<CONTAINERID>/<CONTAINERID>-json.log /etc/fail2ban/filter.d/wplogin.conf | test regex wplogin |
| fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf | test regex sshd |
| fail2ban-regex "line" "failregex" | test regex |
| fail2ban-client set <JAIL-NAME> unbanip <IP-ADDRESS> | manually unban IP |
| fail2ban-client set <JAIL-NAME> banip <IP-ADDRESS> | manually Ban IP |
| tail -f /var/log/fail2ban.log | view fail2ban logs |
| iptables -L –line-numbers | list IP blocked with line numbers |
| iptables -D <Jail-Name> -s <IP-ADDRESS> -j DROP Example: Jail-Name =f2b-wplogin Jail-Name =f2b-sshd |
Unban IP |
| fail2ban-server -b | start fail2ban server |
| docker inspect –format='{{.LogPath}}' $INSTANCE_ID | return instance log file path |