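There are plenty of write-ups online that pair Fail2ban with iptables. But since newer distributions ship with firewalld, we may as well use the bundled tool.
Run the following to quickly configure and enable SSH brute-force protection (the values below are my personal preference; see the official documentation for more):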
yum install 'fail2ban*' -y
systemctl enable fail2ban
sed -i 's|maxretry = 5|maxretry = 10|g' /etc/fail2ban/jail.conf
sed -i 's|findtime = 600|findtime = 604800|g' /etc/fail2ban/jail.conf
sed -i 's|bantime = 600|bantime = 604800|g' /etc/fail2ban/jail.conf
sed -i 's|banaction = iptables-multiport|banaction = firewallcmd-ipset|g' /etc/fail2ban/jail.conf
# Search the configuration file (/etc/fail2ban/jail.conf) for sshd (around line 224)
# Add: enabled = true
systemctl start fail2ban
fail2ban-client status sshd
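
sed exits successfully even when its pattern matches nothing, so a stock jail.conf that spells a default differently leaves the old value in place without any warning. The script below is an added example, not part of the original post: it reads a jail file and confirms the five settings above took effect. The function names, the sample file and the assumption that the four global options sit under [DEFAULT] are mine.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the sed edits and the
# manual "enabled = true" step actually landed in the jail file.

# ini_get FILE SECTION KEY -> print KEY's value inside [SECTION] (last one wins)
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                  # comment line
        /^[ \t]*\[/   { gsub(/^[ \t]*\[|\].*$/, ""); cur = $0; next }
        cur == sec && (p = index($0, "=")) {
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# check_jail FILE -> one line per setting; returns 0 only if every value matches
# the values used in the post. Section names are assumptions: the four global
# options are expected under [DEFAULT], the jail switch under [sshd].
check_jail() {
    rc=0
    for spec in DEFAULT:maxretry:10 DEFAULT:findtime:604800 \
                DEFAULT:bantime:604800 DEFAULT:banaction:firewallcmd-ipset \
                sshd:enabled:true; do
        sec=${spec%%:*}; rest=${spec#*:}; key=${rest%%:*}; want=${rest#*:}
        got=$(ini_get "$1" "$sec" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    [$sec] $key = $got"
        else
            echo "FAIL  [$sec] $key = '$got' (wanted $want)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: bantime is written as "10m", so 's|bantime = 600|...|'
# would have changed nothing, and the [sshd] jail was never enabled.
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'maxretry = 10' 'findtime = 604800' \
    'bantime = 10m' 'banaction = firewallcmd-ipset' \
    '[sshd]' '#enabled = true' 'port = ssh' > "$sample"
check_jail "$sample" || echo "sample needs fixing before fail2ban is started"
rm -f "$sample"
```

On a real host, call check_jail /etc/fail2ban/jail.conf after the edits and before systemctl start fail2ban.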