fail2ban 是一款用于保护你的服务器免于暴力攻击的入侵保护软件。fail2ban 用 python 写成，并广泛用于很多服务器上。fail2ban 会扫描日志文件和 IP 黑名单来显示恶意软件、过多的密码失败尝试、web 服务器利用、wordpress 插件攻击和其他漏洞。如果你已经安装并使用了 fail2ban 来保护你的 web 服务器，你也许会想知道如何在 CentOS 6、CentOS 7、RHEL 6、RHEL 7 和 Oracle Linux 6/7 中找到被 fail2ban 阻止的 IP，或者你想将 ip 从 fail2ban 监狱中移除。

如何列出被禁止的 IP

要查看所有被禁止的 ip 地址，运行下面的命令：

1. # iptables -L
2. Chain INPUT (policy ACCEPT)
3. target prot opt source destination
4. f2b-AccessForbidden tcp -- anywhere anywhere tcp dpt:http
5. f2b-WPLogin tcp -- anywhere anywhere tcp dpt:http
6. f2b-ConnLimit tcp -- anywhere anywhere tcp dpt:http
7. f2b-ReqLimit tcp -- anywhere anywhere tcp dpt:http
8. f2b-NoAuthFailures tcp -- anywhere anywhere tcp dpt:http
9. f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh
10. f2b-php-url-open tcp -- anywhere anywhere tcp dpt:http
11. f2b-nginx-http-auth tcp -- anywhere anywhere multiport dports http,https
12. ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
13. ACCEPT icmp -- anywhere anywhere
14. ACCEPT all -- anywhere anywhere
15. ACCEPT tcp -- anywhere anywhere tcp dpt:EtherNet/IP-1
16. ACCEPT tcp -- anywhere anywhere tcp dpt:http
17. REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
19. Chain FORWARD (policy ACCEPT)
20. target prot opt source destination
21. REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
23. Chain OUTPUT (policy ACCEPT)
24. target prot opt source destination
27. Chain f2b-NoAuthFailures (1 references)
28. target prot opt source destination
29. REJECT all -- 64.68.50.128 anywhere reject-with icmp-port-unreachable
30. REJECT all -- 104.194.26.205 anywhere reject-with icmp-port-unreachable
31. RETURN all -- anywhere anywhere

如何从 Fail2ban 中移除 IP

1. # iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT

我希望这篇教程可以给你在 CentOS 6、CentOS 7、RHEL 6、RHEL 7 和 Oracle Linux 6/7 中移除被禁止的 ip 一些指导。

本文来自云栖社区合作伙伴“Linux中国”

原文发布时间为：2013-04-02.