How do I ban an attacker IP with Fail2Ban manually by command line?
You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:
ufw insert 1 deny from <ip> to any
But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The important part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any
This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.
sudo fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ
Check the jail where to add the IP using sudo fail2ban-client status
sudo fail2ban-client -vvv 'set' 'jail' 'banip' 'ip'
Definitely works as the manual solution. Just log in via SSH and execute.
Only thing is I keep getting "beatify" messages?
Also not sure if this will ban an IP range, e.g. enter '185.130.5' to ban all ranges from '185.130.5.0' to 255?
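A guarded wrapper for the manual ban command given in the answers above, as an added example that is not part of the original thread: it accepts only a complete IPv4 address (a partial value such as 185.130.5 is rejected) and refuses to ban the address the current SSH session comes from. The function names valid_ipv4 and manual_ban and the DRY_RUN variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded wrapper around "fail2ban-client set JAIL banip IP".
# valid_ipv4, manual_ban and DRY_RUN are names made up for this example.

# Return 0 only for a complete dotted-quad IPv4 address (four octets, each 0-255).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the ban command (DRY_RUN=1, the default) or run it (DRY_RUN=0).
manual_ban() {
    jail=$1 ip=$2
    if [ -z "$jail" ] || ! valid_ipv4 "$ip"; then
        echo "usage: manual_ban JAIL A.B.C.D (full IPv4 address required)" >&2
        return 2
    fi
    # In an SSH session SSH_CLIENT holds "client_ip client_port server_port";
    # banning that address would cut off the session doing the ban.
    client=${SSH_CLIENT:-}; client=${client%% *}
    if [ "$client" = "$ip" ]; then
        echo "refusing: $ip is the address of this SSH session" >&2
        return 3
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "fail2ban-client set $jail banip $ip"
        return 0
    fi
    # Assumes "status JAIL" exits non-zero when the jail does not exist.
    sudo fail2ban-client status "$jail" >/dev/null || return 4
    sudo fail2ban-client set "$jail" banip "$ip"
}
```

Source the file, then call manual_ban sshd 192.0.2.10 to see the command, and repeat with DRY_RUN=0 to apply it.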
Source: https://stackoverflow.com/questions/29018312/howto-ban-ip-with-fail2ban-manually-by-command-line