Automatic countermeasures against SSH intrusion attempts on OpenWrt, based on Fail2ban
Nihaorz · 2026-03-02 · via 博客园 - Nihaorz

Installation and configuration script (change the SSH port and ignoreip to match your own setup):

# Install fail2ban and logd
opkg update
opkg install fail2ban logd

# Create the log directory
mkdir -p /var/log

# Configure syslog to write to a file (via uci)
uci set system.@system[0].log_file='/var/log/messages'
uci set system.@system[0].log_size='10240'  # log_size is in KiB, so 10240 = 10 MB
uci commit system
/etc/init.d/log restart

# Create the dropbear filter (<HOST> is the tag fail2ban uses to capture the client address)
cat > /etc/fail2ban/filter.d/dropbear.conf << 'EOF'
[Definition]
failregex = ^.*dropbear\[\d+\]: Login attempt for nonexistent user from <HOST>:\d+$
            ^.*dropbear\[\d+\]: Bad password attempt for '.*' from <HOST>:\d+$
            ^.*dropbear\[\d+\]: Exit before auth from <<HOST>:\d+>: \(user '.*', .* fails\): Exited normally$
ignoreregex = 
EOF

# Create the jail configuration
cat > /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
# Basic ban parameters: ban for 600 s once 5 failures occur within 600 s
bantime = 600
findtime = 600
maxretry = 5

# Progressive ban settings: the ban time doubles on every repeat ban
# (note: the option fail2ban documents for the upper limit is bantime.maxtime)
bantime.increment = true
bantime.factor = 2
bantime.max = -1

# Repeat-offender fast lane (these two keys are not fail2ban options and are
# ignored; fail2ban's own mechanism for this is the separate [recidive] jail)
recidive.threshold = 3
recidive.bantime = -1

# Network-layer configuration: bans are nftables rules in the input chain
banaction = nftables-multiport
chain = input

# Whitelist (be sure to add your own management IP!)
ignoreip = 127.0.0.1/8 ::1 192.168.100.0/24 192.168.1.0/24

[dropbear]
enabled = true
port = 22
filter = dropbear
logpath = /var/log/messages
action = nftables-multiport[name=dropbear, port="22", protocol=tcp]
EOF

# Restart fail2ban
/etc/init.d/fail2ban restart

Common commands:

# Check whether fail2ban is running
/etc/init.d/fail2ban status

# Show the list of banned IPs
fail2ban-client status dropbear

# Manually ban a given IP
fail2ban-client set dropbear banip 111.183.145.241

# Unban a given IP
fail2ban-client set dropbear unbanip 111.183.145.241

# Unban all IPs
fail2ban-client unban --all

# Follow the fail2ban log
tail -f /var/log/fail2ban.log

# Restart fail2ban
/etc/init.d/fail2ban restart

# Show failed-login entries in the system log
grep -E --color=auto "Bad (password|publickey)|invalid user|Connection (closed|refused)|authentication failure|not allowed" /var/log/messages

# Test the filter rules (do this by hand: if the regexes above do not match, the whole setup is worthless)
fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/dropbear.conf --print-all-matched

# Have fail2ban re-read its logs, e.g. after deleting the nginx log; bans already created are unaffected
fail2ban-client flushlogs
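As an added illustration (not part of the original post), the following Python harness does offline what `fail2ban-regex` does on the router: it expands the `<HOST>` tag in the three dropbear failregex lines, runs them over a constructed sample of /var/log/messages in OpenWrt logd format, tallies hits per client, applies maxretry and the ignoreip whitelist from jail.local, and computes the escalating ban length from fail2ban's documented bantime.formula with the post's bantime=600 and bantime.factor=2. The `<HOST>` expansion (the classic one from fail2ban 0.9) and the sample log lines are assumptions; the addresses are documentation ranges, not real traffic.

```python
import ipaddress
import re
from collections import Counter

# fail2ban replaces the <HOST> tag in a failregex with a capture group named
# "host". This is the classic expansion used by fail2ban 0.9 (newer releases
# use a richer pattern); treating it as sufficient here is an assumption.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The three failregex lines from the dropbear filter above, with <HOST> expanded.
# The leading ".*" absorbs logd's "date facility.level" prefix.
FAILREGEX = [
    re.compile(r"^.*dropbear\[\d+\]: Login attempt for nonexistent user from " + HOST + r":\d+$"),
    re.compile(r"^.*dropbear\[\d+\]: Bad password attempt for '.*' from " + HOST + r":\d+$"),
    re.compile(r"^.*dropbear\[\d+\]: Exit before auth from <" + HOST
               + r":\d+>: \(user '.*', .* fails\): Exited normally$"),
]

# The ignoreip list from jail.local above.
IGNOREIP = ("127.0.0.1/8", "::1", "192.168.100.0/24", "192.168.1.0/24")

# Constructed sample of /var/log/messages in OpenWrt logd format (documentation
# ranges 203.0.113.0/24 and 198.51.100.0/24; not real traffic).
LOG_LINES = [
    "Mon Mar  2 10:00:01 2026 authpriv.warn dropbear[1234]: Bad password attempt for 'root' from 203.0.113.5:51234",
    "Mon Mar  2 10:00:02 2026 authpriv.warn dropbear[1234]: Bad password attempt for 'root' from 203.0.113.5:51234",
    "Mon Mar  2 10:00:03 2026 authpriv.info dropbear[1234]: Exit before auth from <203.0.113.5:51234>: (user 'root', 2 fails): Exited normally",
    "Mon Mar  2 10:00:04 2026 authpriv.warn dropbear[1240]: Login attempt for nonexistent user from 203.0.113.5:51300",
    "Mon Mar  2 10:00:05 2026 authpriv.warn dropbear[1241]: Login attempt for nonexistent user from 203.0.113.5:51301",
    "Mon Mar  2 10:00:06 2026 authpriv.info dropbear[1250]: Password auth succeeded for 'admin' from 192.168.1.20:40000",
    "Mon Mar  2 10:00:07 2026 authpriv.warn dropbear[1252]: Bad password attempt for 'admin' from 192.168.1.20:40001",
    "Mon Mar  2 10:00:08 2026 authpriv.warn dropbear[1251]: Bad password attempt for 'admin' from 198.51.100.9:40100",
    "Mon Mar  2 10:00:09 2026 authpriv.info dropbear[1251]: Exit before auth from <198.51.100.9:40100>: (user 'admin', 1 fails): Exited normally",
]


def match_host(line):
    """Return the host captured by the first failregex that matches, else None."""
    for rx in FAILREGEX:
        m = rx.match(line)
        if m:
            return m.group("host")
    return None


def count_failures(lines):
    """Hits per host, the way fail2ban tallies failures inside findtime."""
    return Counter(h for h in map(match_host, lines) if h)


def is_ignored(host, ignoreip=IGNOREIP):
    """True if host lies inside one of the ignoreip networks (hostnames never do here)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignoreip)


def hosts_to_ban(lines, maxretry=5, ignoreip=IGNOREIP):
    """Sorted hosts whose hit count reached maxretry and that are not whitelisted."""
    hits = count_failures(lines)
    return sorted(h for h, n in hits.items() if n >= maxretry and not is_ignored(h, ignoreip))


def next_bantime(base, ban_count, factor=2, maxtime=None):
    """Ban length in seconds from fail2ban's default bantime.formula,
    ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor,
    where ban_count is the number of earlier bans recorded for the IP.
    maxtime (bantime.maxtime) caps the result when set to a positive value."""
    t = base * (1 << min(ban_count, 20)) * factor
    if maxtime is not None and maxtime > 0:
        t = min(t, maxtime)
    return t


if __name__ == "__main__":
    for line in LOG_LINES:
        print(f"{match_host(line) or '-':>14}  {line.split(': ', 1)[1]}")
    print("hits:", dict(count_failures(LOG_LINES)))
    print("ban at maxretry=5:", hosts_to_ban(LOG_LINES))
    for n in range(4):
        print(f"ban #{n + 1}: {next_bantime(600, n)} s")
```

Running it shows a property of this regex set worth knowing: a single session with two wrong passwords yields three hits (two "Bad password attempt" lines plus the "Exit before auth ... 2 fails" summary), so the effective threshold is reached sooner than maxretry = 5 suggests. The whitelisted 192.168.1.20 is never banned however many hits it collects, which is why the post insists on adding your management IP to ignoreip.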

For the regular Linux version, see: https://www.cnblogs.com/nihaorz/p/19667506