Fail2ban Setup

內建白名單 
 方法一: 編輯 /etc/fail2an/jail.conf 
 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 ::1 192.168.9.0/24 192.168.31.0/24 
 方法二: 指令 fail2ban-client 
 # set <JAIL> addignoreip <IP>
# set <JAIL> delignoreip <IP>
fail2ban-client set sshd addignoreip 123.123.123.123
fail2ban-client set sshd delignoreip 123.123.123.123 
 驗證結果 
 fail2ban-client get <JAIL> ignoreip
fail2ban-client get asterisk ignoreip
fail2ban-client get sshd ignoreip 
 黑名單功能客製 
 
 Persistent Banning of IP Addresses with Fail2Ban 
 Fail2Ban Blacklist JAIL for Repeat Offenders