Installing fail2ban on Debian to Ban Malicious IPs

Install Fail2Ban

sudo apt update
sudo apt install fail2ban rsyslog -y

rsyslog is installed so that the log files are generated properly and are available to Fail2Ban.

Start the services

sudo systemctl enable --now fail2ban
sudo systemctl enable --now rsyslog

Check service status

sudo systemctl status fail2ban
sudo systemctl status rsyslog

Configure Fail2Ban

sudo nano /etc/fail2ban/jail.local

Paste the following content, and remember to change 5522 to your SSH port:

[sshd]
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
port = 5522
maxretry = 3
findtime = 300
bantime = -1
banaction = nftables-multiport
logpath = /var/log/auth.log

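Configuration notes:

  • enabled = true: enable SSH protection
  • port = 5522: the SSH port
  • maxretry = 3: ban after 3 failures
  • findtime = 300: count failed attempts within a 300-second (5-minute) window
  • bantime = -1: ban duration set to -1, meaning a permanent ban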
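
How maxretry and findtime interact, as an added example that is not part of the original post and is not fail2ban's own code: a simplified sliding-window count over constructed auth.log lines. The function names, the sample lines, the "Failed password" match and the single-day timestamp handling are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not fail2ban code): simplified model of maxretry/findtime.

# Constructed auth.log lines; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
May 25 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 25 10:00:09 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 25 10:01:30 host sshd[820]: Failed password for invalid user admin from 198.51.100.4 port 51000 ssh2
May 25 10:02:15 host sshd[825]: Failed password for root from 203.0.113.7 port 40290 ssh2
May 25 10:04:00 host sshd[830]: Accepted publickey for deploy from 192.0.2.10 port 50222 ssh2
May 25 10:07:00 host sshd[840]: Failed password for invalid user admin from 198.51.100.4 port 51044 ssh2
May 25 10:13:00 host sshd[851]: Failed password for invalid user test from 198.51.100.4 port 51090 ssh2
EOF
}

# Usage: would_ban MAXRETRY FINDTIME < logfile
# Prints each IP once, at the failure that would trigger the ban.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Seconds since midnight; assumes the log covers a single day.
        split($3, t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]
        # Source address: the field after the last "from" on the line.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || (ip in banned)) next
        n[ip]++
        stamp[ip, n[ip]] = now
        # Count failures from this IP that fall inside the findtime window.
        hits = 0
        for (k = 1; k <= n[ip]; k++) if (now - stamp[ip, k] <= findtime) hits++
        if (hits >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Values from the [sshd] jail above: maxretry = 3, findtime = 300.
sample_log | would_ban 3 300   # prints 203.0.113.7
```

198.51.100.4 also fails three times, but its attempts are more than 300 seconds apart, so it never reaches maxretry inside one findtime window.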

Restart the service to apply the configuration

sudo systemctl restart fail2ban

Management and monitoring

View running status

sudo systemctl status fail2ban

View logs

sudo tail -f /var/log/fail2ban.log

Manage banned IPs

Check ban status

sudo fail2ban-client status sshd

Manually unban an IP:

sudo fail2ban-client unban IP_ADDRESS

Troubleshooting

If the service fails to start, check the configuration file syntax:

sudo fail2ban-client -t

If the logs are not updating, restart the rsyslog service:

sudo systemctl restart rsyslog

Uninstall

sudo systemctl stop fail2ban
sudo systemctl disable fail2ban
sudo apt-get remove --purge fail2ban
sudo apt-get autoremove
sudo apt-get clean
sudo rm -rf /var/log/fail2ban.log
sudo rm -rf /var/lib/fail2ban

https://blog.leuxx.de/posts/29/
Author: Leu
Published: 2026-05-25
License: CC BY-NC-SA 4.0
