Linux系统中Fail2ban是一款保护服务器免受网络攻击的工具,Fail2ban可以通过黑名单来禁止IP访问。既然有被禁止的IP,那么问题来了,CentOS系统如何把IP从Fail2ban黑名单中移除。
如何列出被禁止的 IP要查看所有被禁止的 ip 地址,运行下面的命令:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-AccessForbidden tcp — anywhere anywhere tcp dpt:http
f2b-WPLogin tcp — anywhere anywhere tcp dpt:http
f2b-ConnLimit tcp — anywhere anywhere tcp dpt:http
f2b-ReqLimit tcp — anywhere anywhere tcp dpt:http
f2b-NoAuthFailures tcp — anywhere anywhere tcp dpt:http
f2b-SSH tcp — anywhere anywhere tcp dpt:ssh
f2b-php-url-open tcp — anywhere anywhere tcp dpt:http
f2b-nginx-http-auth tcp — anywhere anywhere multiport dports http,https
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp — anywhere anywhere
ACCEPT all — anywhere anywhere
ACCEPT tcp — anywhere anywhere tcp dpt:EtherNet/IP-1
ACCEPT tcp — anywhere anywhere tcp dpt:http
REJECT all — anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all — anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-NoAuthFailures (1 references)
target prot opt source destination
REJECT all — 64.68.50.128 anywhere reject-with icmp-port-unreachable
REJECT all — 104.194.26.205 anywhere reject-with icmp-port-unreachable
RETURN all — anywhere anywhere
如何从 Fail2ban 中移除 IP
# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT
以上就是CentOS系统把IP从Fail2ban黑名单中移除的方法了,把IP地址从Fail2ban黑名单中移除了以后,也就解除了该IP对服务器访问的限制。
你有没有这样的感觉,坐在一列火车上,
