ip Tables как банить IPV6?
ip Tables как банить IPV6?
2024-03-02 09:54:42,913 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- exec: iptables -w -I f2b-apache 1 -s 2a0e:d602:2:313::2:0 -j REJECT --reject-with icmp-port-unreachable
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- stderr: "iptables v1.8.8 (nf_tables): host/network `2a0e:d602:2:313::2:0' not found"
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- returned 2
2024-03-02 09:54:42,914 fail2ban.actions [144334]: ERROR Failed to execute reban jail 'apache' action 'iptables-multiport' info 'ActionInfo({'ip': '2a0e:d602:2:313::2:0', 'family': 'inet6', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f40fb30ec10>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f40fb308310>})': Error banning 2a0e:d602:2:313::2:0
2024-03-02 10:10:24,334 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:23
2024-03-02 10:10:26,958 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:26
2024-03-02 10:10:26,959 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:26
Не могу понять как банить Ipv6. в csf функции работы с ipv6 стоят- чек боксы в положении on. Почему iptables не отрабатывает? Руками можно как-то занести в бан?
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- stderr: "iptables v1.8.8 (nf_tables): host/network `2a0e:d602:2:313::2:0' not found"
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-03-02 09:54:42,914 fail2ban.utils [144334]: ERROR 7f40fc42c8f0 -- returned 2
2024-03-02 09:54:42,914 fail2ban.actions [144334]: ERROR Failed to execute reban jail 'apache' action 'iptables-multiport' info 'ActionInfo({'ip': '2a0e:d602:2:313::2:0', 'family': 'inet6', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f40fb30ec10>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f40fb308310>})': Error banning 2a0e:d602:2:313::2:0
2024-03-02 10:10:24,334 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:23
2024-03-02 10:10:26,958 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:26
2024-03-02 10:10:26,959 fail2ban.filter [144334]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-02 10:10:26
Не могу понять как банить Ipv6. в csf функции работы с ipv6 стоят- чек боксы в положении on. Почему iptables не отрабатывает? Руками можно как-то занести в бан?
Последний раз редактировалось pomoyka Сб мар 30, 2024 7:39 am, всего редактировалось 1 раз.
Re: ip Tables как банить IPV6?
Мы проверим данный нюанс.
Re: ip Tables как банить IPV6?
lsmod | grep ip6table
Какая ос?
Какая ос?
Re: ip Tables как банить IPV6?
Для ubuntu выполните команды:
modprobe ip6table_filter
echo "ip6table_filter" >> /etc/modules
modprobe ip6table_filter
echo "ip6table_filter" >> /etc/modules
Re: ip Tables как банить IPV6?
покажите выводы
Код: Выделить всё
yum list installed | grep systemd
yum list installed | grep kmod
Re: ip Tables как банить IPV6?
[root@bla ~]# yum list installed | grep systemd
Repository myrepo-centos is listed more than once in the configuration
python3-systemd.x86_64 234-18.el9 @anaconda
systemd.x86_64 252-18.el9 @anaconda
systemd-libs.x86_64 252-18.el9 @anaconda
systemd-pam.x86_64 252-18.el9 @anaconda
systemd-rpm-macros.noarch 252-18.el9 @anaconda
systemd-udev.x86_64 252-18.el9 @anaconda
[root@bla ~]#
[root@bla ~]# yum list installed | grep kmod
Repository myrepo-centos is listed more than once in the configuration
kmod.x86_64 28-9.el9 @anaconda
kmod-libs.x86_64 28-9.el9 @anaconda
[root@bla ~]#
Repository myrepo-centos is listed more than once in the configuration
python3-systemd.x86_64 234-18.el9 @anaconda
systemd.x86_64 252-18.el9 @anaconda
systemd-libs.x86_64 252-18.el9 @anaconda
systemd-pam.x86_64 252-18.el9 @anaconda
systemd-rpm-macros.noarch 252-18.el9 @anaconda
systemd-udev.x86_64 252-18.el9 @anaconda
[root@bla ~]#
[root@bla ~]# yum list installed | grep kmod
Repository myrepo-centos is listed more than once in the configuration
kmod.x86_64 28-9.el9 @anaconda
kmod-libs.x86_64 28-9.el9 @anaconda
[root@bla ~]#
Re: ip Tables как банить IPV6?
2024-03-31 07:45:11,788 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 07:45:11
2024-03-31 07:45:11,788 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 07:45:11
2024-03-31 10:40:50,624 fail2ban.filter [917]: INFO [apache] Found 34.220.240.53 - 2024-03-31 10:40:50
2024-03-31 15:23:19,592 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 15:23:19,796 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 15:23:20,399 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:20
2024-03-31 15:39:48,865 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:48
2024-03-31 15:39:52,091 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:51
2024-03-31 15:57:29,543 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:29
2024-03-31 15:57:29,732 fail2ban.actions [917]: WARNING [apache] 2a0e:d602:2:313::2:0 already banned
2024-03-31 15:57:31,756 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 15:57:31,959 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 15:57:32,571 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 15:57:32,572 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:02,910 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 16:00:02,910 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:20
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:48
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:51
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:29
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 16:00:02,913 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:02,913 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:03,243 fail2ban.actions [917]: WARNING [apache] 2a0e:d602:2:313::2:0 already banned
2a0e:d602:2:313::2:0 вроде как забанен
Я так понял что fail2ban.log просто отражает картину взаимодействий не зависимо от того что забанен или не забанен ip?
csf ip search
Table Chain num pkts bytes target prot opt in out source destination
No matches found for 2a0e:d602:2:313::2:0 in iptables
ip6tables:
Table Chain num pkts bytes target prot opt in out source destination
filter DENYIN 1 0 0 DROP all !lo * 2a0e:d602:2:313::2:0 ::/0
filter DENYOUT 1 0 0 LOGDROPOUT all * !lo ::/0 2a0e:d602:2:313::2:0
csf.deny: 2a0e:d602:2:313::2:0 # apache attack - Fri Mar 29 23:09:25 2024
как забанить любой ip , чтобы он, даже не доходил до журнала fail2ban?
2024-03-31 07:45:11,788 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 07:45:11
2024-03-31 10:40:50,624 fail2ban.filter [917]: INFO [apache] Found 34.220.240.53 - 2024-03-31 10:40:50
2024-03-31 15:23:19,592 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 15:23:19,796 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 15:23:20,399 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:20
2024-03-31 15:39:48,865 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:48
2024-03-31 15:39:52,091 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:51
2024-03-31 15:57:29,543 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:29
2024-03-31 15:57:29,732 fail2ban.actions [917]: WARNING [apache] 2a0e:d602:2:313::2:0 already banned
2024-03-31 15:57:31,756 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 15:57:31,959 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 15:57:32,571 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 15:57:32,572 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:02,910 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 16:00:02,910 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:19
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:23:20
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:48
2024-03-31 16:00:02,911 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:39:51
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:29
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 16:00:02,912 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:31
2024-03-31 16:00:02,913 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:02,913 fail2ban.filter [917]: INFO [apache] Found 2a0e:d602:2:313::2:0 - 2024-03-31 15:57:32
2024-03-31 16:00:03,243 fail2ban.actions [917]: WARNING [apache] 2a0e:d602:2:313::2:0 already banned
2a0e:d602:2:313::2:0 вроде как забанен
Я так понял что fail2ban.log просто отражает картину взаимодействий не зависимо от того что забанен или не забанен ip?
csf ip search
Table Chain num pkts bytes target prot opt in out source destination
No matches found for 2a0e:d602:2:313::2:0 in iptables
ip6tables:
Table Chain num pkts bytes target prot opt in out source destination
filter DENYIN 1 0 0 DROP all !lo * 2a0e:d602:2:313::2:0 ::/0
filter DENYOUT 1 0 0 LOGDROPOUT all * !lo ::/0 2a0e:d602:2:313::2:0
csf.deny: 2a0e:d602:2:313::2:0 # apache attack - Fri Mar 29 23:09:25 2024
как забанить любой ip , чтобы он, даже не доходил до журнала fail2ban?
Re: ip Tables как банить IPV6?
Код: Выделить всё
как забанить любой ip , чтобы он, даже не доходил до журнала fail2ban?
fail2ban блокирует на основе данных с логов, выбранного сервиса.
Re: ip Tables как банить IPV6?
Код: Выделить всё
ip6tables -t raw -I PREROUTING -s 2a0e:d602:2:313::2:0 -j DROP