For AWS: https://www.cloudar.be/awsblog/integrating-fail2ban-with-aws-network-acls/
Note: the approach in this post requires aliyun-cli to be installed and configured on the system first;
see https://github.com/aliyun/aliyun-cli for how to do that.
Add the following to the jail's configuration file in jail.d:
action = aliyun[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
Then add an aliyun.conf action configuration to the action.d folder:
[INCLUDES]
before = iptables-blocktype.conf

[Definition]
# Point aliyun-cli at the ECS instance's RAM role. Replace the placeholders
# with the RAM role name and the region of the security group.
actionstart = /usr/local/bin/aliyun configure set --profile ecsRamRoleProfile --mode EcsRamRole --ram-role-name <replace with the RAM role name> --region <replace with the security group's region>
              iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>

actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>

actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'

# Drop all traffic from the banned address at the security group (all protocols, all ports).
actionban = /usr/local/bin/aliyun ecs AuthorizeSecurityGroup --SecurityGroupId <replace with the security group ID> --SourceCidrIp <ip>/32 --IpProtocol ALL --PortRange=-1/-1 --NicType intranet --Policy Drop

# Remove exactly the same rule when the ban expires.
actionunban = /usr/local/bin/aliyun ecs RevokeSecurityGroup --SecurityGroupId <replace with the security group ID> --SourceCidrIp <ip>/32 --IpProtocol ALL --PortRange=-1/-1 --NicType intranet --Policy Drop

[Init]

A few things to check before enabling this. actionban never adds a rule to the fail2ban-<name> iptables chain that actionstart creates, so that chain stays empty and the blocking is done entirely by the security group rule; the iptables lines are harmless but do nothing on their own. <ip>/32 assumes IPv4: for an IPv6 address fail2ban would pass something like 2001:db8::1/32 to SourceCidrIp, which is the wrong parameter and the wrong prefix length. actionstart uses the same absolute path as actionban, because fail2ban runs as a service whose PATH may not include /usr/local/bin. If the profile written by actionstart is not the current one on your host, add --profile ecsRamRoleProfile to the ban and unban commands as well.
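The actionban/actionunban lines above inline the aliyun-cli call and only work for IPv4. The wrapper below is an added example, not code from the original post or from aliyun-cli: it builds the same AuthorizeSecurityGroup / RevokeSecurityGroup rule (all protocols, all ports, Drop), picks the IPv4 or IPv6 form of the source CIDR, and can print the command instead of running it so the generated call can be checked without an account. ALIYUN_BIN, ALIYUN_PROFILE, SG_ID and DRY_RUN are this script's own variables, and Ipv6SourceCidrIp is assumed to be the ECS API parameter for IPv6 sources; verify that name against the ECS API reference before relying on the IPv6 path.

```shell
#!/bin/sh
# Added example (not from the original post): wrapper for fail2ban's
# actionban/actionunban that builds the Aliyun security-group rule.
#
# Assumptions, none of which come from the original post:
#   ALIYUN_BIN      path to aliyun-cli (default /usr/local/bin/aliyun)
#   ALIYUN_PROFILE  optional aliyun-cli profile to pass as --profile
#   SG_ID           security group ID, unless given as the third argument
#   DRY_RUN=1       print the command line instead of executing it
#   Ipv6SourceCidrIp is assumed to be the ECS API parameter for IPv6 sources.

ALIYUN_BIN="${ALIYUN_BIN:-/usr/local/bin/aliyun}"

# sg_rule ban|unban <ip> [security-group-id]
# Prints the aliyun-cli command line when DRY_RUN=1, otherwise runs it.
# Returns 2 on bad input, otherwise the aliyun-cli exit status.
sg_rule() {
    action="$1"; ip="$2"; sg="${3:-$SG_ID}"
    case "$action" in
        ban)   api=AuthorizeSecurityGroup ;;
        unban) api=RevokeSecurityGroup ;;
        *)     echo "usage: sg_rule ban|unban <ip> [security-group-id]" >&2; return 2 ;;
    esac
    [ -n "$sg" ] || { echo "security group ID missing (arg 3 or SG_ID)" >&2; return 2; }
    [ -n "$ip" ] || { echo "IP address missing" >&2; return 2; }

    # fail2ban substitutes a bare address for <ip>. The original config hard-codes
    # <ip>/32, which is only right for IPv4, so choose by address family.
    case "$ip" in
        *:*) cidr="--Ipv6SourceCidrIp ${ip}/128" ;;   # assumed parameter name
        *)   cidr="--SourceCidrIp ${ip}/32" ;;
    esac

    # Optional profile flag, for hosts where ecsRamRoleProfile is not current.
    profile=""
    if [ -n "$ALIYUN_PROFILE" ]; then
        profile="--profile $ALIYUN_PROFILE"
    fi

    # Same rule shape as the original config: all protocols, all ports, Drop.
    set -- ecs "$api" --SecurityGroupId "$sg" $cidr \
        --IpProtocol ALL --PortRange=-1/-1 --NicType intranet --Policy Drop $profile

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$ALIYUN_BIN $*"
    else
        "$ALIYUN_BIN" "$@"
    fi
}

# Stand-alone use, e.g.: fail2ban-aliyun.sh ban 203.0.113.7 sg-xxxxxxxx
if [ $# -gt 0 ]; then
    sg_rule "$@"
fi
```

To wire it in, install the script as /usr/local/bin/fail2ban-aliyun.sh, define the group ID once under [Init] (for example sgid = sg-xxxxxxxx, a hypothetical value) and set actionban = /usr/local/bin/fail2ban-aliyun.sh ban <ip> <sgid> and actionunban = /usr/local/bin/fail2ban-aliyun.sh unban <ip> <sgid>. Running it with DRY_RUN=1 first shows the exact API call that will be made for a given address.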