By default on CentOS iptables are used as a firewall. If it is not, the following will change slightly (especially at the ‘ban action’ level).

yum install fail2ban
systemctl enable fail2ban
vim /etc/fail2ban/jail.local

# If the package is not available you can execute: yum install epel-release

It does exist a configuration file /etc/fail2ban/jail.conf.

We do not modify this one otherwise if we update fail2ban it will be overwritten.

Put the following content into the file jail.local

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

⇒ 1h banning, iptables-multiport used for banning (IP banning on all ports), active prison on sshd service

systemctl restart fail2ban
fail2ban-client status
fail2ban-client status sshd

[root@slave-server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 8
|  |- Total failed:     625
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 57
   |- Total banned:     57
   `- Banned IP list:   58.242.83.25 202.148.5.102 68.188.68.18 ...

deleting a blocked ip :

fail2ban-client set sshd unbanip 80.15.13.135
Partager sur les réseaux