BrainyCP

2024-03-02 09:54:42,913 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- exec: iptables -w -I f2b-apache 1 -s 2a0e:d602:2:313::2:0 -j REJECT --reject-with icmp-port-unreachable
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- stderr: "iptables v1.8.8 (nf_tables): host/network `2a0e:d602:2:313::2:0' not found"
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- returned 2
2024-03-02 09:54:42,914 fail2ban.actions [144334]: ERROR Failed to execute reban jail 'apache' action 'iptables-multiport' info 'ActionInfo({'ip': '2a0e:d602:2:313::2:0', 'family': 'inet6', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f40fb30ec10>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f40fb308310>})': Error banning 2a0e:d602:2:313::2:0
2024-03-02 10:10:24,334 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:23
2024-03-02 10:10:26,958 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:26
2024-03-02 10:10:26,959 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:26

Не могу понять как банить Ipv6. в csf функции работы с ipv6 стоят- чек боксы в положении on. Почему iptables не отрабатывает? Руками можно как-то занести в бан?

Мы проверим данный нюанс.

lsmod | grep ip6table
Какая ос?

Для ubuntu выполните команды:

modprobe ip6table_filter
echo "ip6table_filter" >> /etc/modules

alenka писал(а): ↑

Чт мар 28, 2024 1:17 pm

lsmod | grep ip6table
Какая ос?

alma 9.3

bash: lsmod: command not found

покажите выводы

[root@bla ~]# yum list installed | grep systemd
Repository myrepo-centos is listed more than once in the configuration
python3-systemd.x86_64 234-18.el9 @anaconda
systemd.x86_64 252-18.el9 @anaconda
systemd-libs.x86_64 252-18.el9 @anaconda
systemd-pam.x86_64 252-18.el9 @anaconda
systemd-rpm-macros.noarch 252-18.el9 @anaconda
systemd-udev.x86_64 252-18.el9 @anaconda
[root@bla ~]#
[root@bla ~]# yum list installed | grep kmod
Repository myrepo-centos is listed more than once in the configuration
kmod.x86_64 28-9.el9 @anaconda
kmod-libs.x86_64 28-9.el9 @anaconda
[root@bla ~]#

2024-03-31 07:45:11,788 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 07:45:11
2024-03-31 07:45:11,788 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 07:45:11
2024-03-31 10:40:50,624 fail2ban.filter [917]: INFO [apache] Found 34.220.240.53 - 2024-03-31 10:40:50
2024-03-31 15:23:19,592 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 15:23:19,796 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 15:23:20,399 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:20
2024-03-31 15:39:48,865 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:48
2024-03-31 15:39:52,091 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:51
2024-03-31 15:57:29,543 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:29
2024-03-31 15:57:29,732 fail2ban.actions [917]: WARNING [apache] 2a0e:d602:2:313::2:0 already banned
2024-03-31 15:57:31,756 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 15:57:31,959 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 15:57:32,571 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 15:57:32,572 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:02,910 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 16:00:02,910 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:20
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:48
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:51
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:29
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 16:00:02,913 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:02,913 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:03,243 fail2ban.actions [917]: WARNING [apache] 2a0e:d602:2:313::2:0 already banned

2a0e:d602:2:313::2:0 вроде как забанен
Я так понял что fail2ban.log просто отражает картину взаимодействий не зависимо от того что забанен или не забанен ip?

csf ip search
Table Chain num pkts bytes target prot opt in out source destination
No matches found for 2a0e:d602:2:313::2:0 in iptables


ip6tables:

Table Chain num pkts bytes target prot opt in out source destination

filter DENYIN 1 0 0 DROP all !lo * 2a0e:d602:2:313::2:0 ::/0

filter DENYOUT 1 0 0 LOGDROPOUT all * !lo ::/0 2a0e:d602:2:313::2:0

csf.deny: 2a0e:d602:2:313::2:0 # apache attack - Fri Mar 29 23:09:25 2024

как забанить любой ip , чтобы он, даже не доходил до журнала fail2ban?

Только через ip6tables.
fail2ban блокирует на основе данных с логов, выбранного сервиса.

pomoyka писал(а): ↑

Вт апр 02, 2024 12:56 pm

как забанить любой ip , чтобы он, даже не доходил до журнала fail2ban?