创建frps-ssh-ban.conf 放置在/etc/fail2ban/filter.d下

# fail2ban filter for the frps-ssh-ban jail.
[Definition]
# Matches any frps log line containing "get a user connection [ADDR:PORT]";
# <HOST> captures the client address that fail2ban counts and bans.
# The pattern does not name a proxy, so it is identical to the rdp and ftp
# filters on this page: every jail using it counts connections to every proxy.
# NOTE(review): frps appears to write this line for each inbound proxy
# connection, successful or not, so this counts connections rather than failed
# logins - confirm against the frps version in use.
# NOTE(review): if the log line carries the proxy name in brackets before the
# message, narrow the match to this service, e.g.
#   ^.*\[PROXY_NAME_PLACEHOLDER\] get a user connection \[<HOST>:[0-9]*\]
failregex = ^.* get a user connection \[<HOST>:[0-9]*\]
# Empty: no matching line is exempted.
ignoreregex =

创建frps-rdp-ban.conf 放置在/etc/fail2ban/filter.d下

# fail2ban filter for the frps-rdp-ban jail.
[Definition]
# Matches any frps log line containing "get a user connection [ADDR:PORT]";
# <HOST> captures the client address that fail2ban counts and bans.
# The pattern does not name a proxy, so it is identical to the ssh and ftp
# filters on this page: every jail using it counts connections to every proxy.
# NOTE(review): frps appears to write this line for each inbound proxy
# connection, successful or not, so this counts connections rather than failed
# logins - confirm against the frps version in use.
# NOTE(review): if the log line carries the proxy name in brackets before the
# message, narrow the match to this service, e.g.
#   ^.*\[PROXY_NAME_PLACEHOLDER\] get a user connection \[<HOST>:[0-9]*\]
failregex = ^.* get a user connection \[<HOST>:[0-9]*\]
# Empty: no matching line is exempted.
ignoreregex =

创建frps-ftp-ban.conf 放置在/etc/fail2ban/filter.d下

# fail2ban filter for the frps-ftp-ban jail.
[Definition]
# Matches any frps log line containing "get a user connection [ADDR:PORT]";
# <HOST> captures the client address that fail2ban counts and bans.
# The pattern does not name a proxy, so it is identical to the ssh and rdp
# filters on this page: every jail using it counts connections to every proxy.
# NOTE(review): frps appears to write this line for each inbound proxy
# connection, successful or not, so this counts connections rather than failed
# logins - confirm against the frps version in use.
# NOTE(review): if the log line carries the proxy name in brackets before the
# message, narrow the match to this service, e.g.
#   ^.*\[PROXY_NAME_PLACEHOLDER\] get a user connection \[<HOST>:[0-9]*\]
failregex = ^.* get a user connection \[<HOST>:[0-9]*\]
# Empty: no matching line is exempted.
ignoreregex =

创建frps.local 放置在/etc/fail2ban/jail.d下

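# FRP SSH brute-force protection (jail read from /etc/fail2ban/jail.d).
[frps-ssh-ban]
# Enable this jail.
enabled = true
# Window in which filter matches are counted (3 minutes).
findtime = 3m
# Matches allowed inside findtime before the address is banned.
maxretry = 6
# Ban duration (1 year).
# NOTE(review): fail2ban drops stored bans older than dbpurgeage (set in
# fail2ban.conf / fail2ban.local); confirm it is at least as long as bantime,
# otherwise the ban does not survive a restart.
# NOTE(review): the filter matches connection lines, not failed logins, so a
# legitimate client opening more than maxretry connections inside findtime is
# banned as well; list trusted addresses in ignoreip before enabling.
bantime = 1y
# Filter file in /etc/fail2ban/filter.d (frps-ssh-ban.conf, defined above).
filter = frps-ssh-ban
# frps log file the filter is applied to.
logpath = /app/server/frp/frps.log
# protocol, port and chain are jail-level values. The action line below passes
# its own parameters, so these appear unused by it - confirm if the action is
# ever changed to one that interpolates them.
protocol = all
port = all
# "all" is not an iptables chain; INPUT is the chain the iptables actions
# default to.
chain = INPUT
# Ban on every TCP port via iptables. The name must be unique per jail: it
# becomes the iptables chain name (f2b-<name>), and jails sharing one name
# create and flush the same chain, so stopping one jail removes the others' bans.
action = iptables-allports[name=frps-ssh,protocol=tcp]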

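# FRP RDP brute-force protection (jail read from /etc/fail2ban/jail.d).
[frps-rdp-ban]
# Enable this jail.
enabled = true
# Window in which filter matches are counted (3 minutes).
findtime = 3m
# Matches allowed inside findtime before the address is banned.
maxretry = 6
# Ban duration (1 year).
# NOTE(review): fail2ban drops stored bans older than dbpurgeage (set in
# fail2ban.conf / fail2ban.local); confirm it is at least as long as bantime,
# otherwise the ban does not survive a restart.
# NOTE(review): the filter matches connection lines, not failed logins, so a
# legitimate client opening more than maxretry connections inside findtime is
# banned as well; list trusted addresses in ignoreip before enabling.
bantime = 1y
# Filter file in /etc/fail2ban/filter.d (frps-rdp-ban.conf, defined above).
filter = frps-rdp-ban
# frps log file the filter is applied to.
logpath = /app/server/frp/frps.log
# protocol, port and chain are jail-level values. The action line below passes
# its own parameters, so these appear unused by it - confirm if the action is
# ever changed to one that interpolates them.
protocol = all
port = all
# "all" is not an iptables chain; INPUT is the chain the iptables actions
# default to.
chain = INPUT
# Ban on every TCP port via iptables. The name must be unique per jail: it
# becomes the iptables chain name (f2b-<name>), and jails sharing one name
# create and flush the same chain, so stopping one jail removes the others' bans.
action = iptables-allports[name=frps-rdp,protocol=tcp]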

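# FRP FTP brute-force protection (jail read from /etc/fail2ban/jail.d).
[frps-ftp-ban]
# Enable this jail.
enabled = true
# Window in which filter matches are counted (1 year).
# NOTE(review): findtime and bantime look swapped relative to the ssh and rdp
# jails on this page (3m / 1y). As written, six matching connections spread
# over a whole year trigger a ban - confirm the intended values.
# NOTE(review): fail2ban drops stored matches and bans older than dbpurgeage
# (fail2ban.conf / fail2ban.local); a one-year window needs it raised to match.
findtime = 1y
# Matches allowed inside findtime before the address is banned.
maxretry = 6
# Ban duration (60 minutes).
# NOTE(review): the filter matches connection lines, not failed logins, and
# FTP clients typically open several connections per session; list trusted
# addresses in ignoreip before enabling.
bantime = 60m
# Filter file in /etc/fail2ban/filter.d (frps-ftp-ban.conf, defined above).
filter = frps-ftp-ban
# frps log file the filter is applied to.
logpath = /app/server/frp/frps.log
# protocol, port and chain are jail-level values. The action line below passes
# its own parameters, so these appear unused by it - confirm if the action is
# ever changed to one that interpolates them.
protocol = all
port = all
# "all" is not an iptables chain; INPUT is the chain the iptables actions
# default to.
chain = INPUT
# Ban on every TCP port via iptables. The name must be unique per jail: it
# becomes the iptables chain name (f2b-<name>), and jails sharing one name
# create and flush the same chain, so stopping one jail removes the others' bans.
action = iptables-allports[name=frps-ftp,protocol=tcp]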

重新加载fail2ban配置

# Re-read the fail2ban configuration so the new filters and jails are loaded.
fail2ban-client reload

查看fail2ban的新规则是否生效

# Show the jail's match counters and currently banned addresses; repeat for
# frps-rdp-ban and frps-ftp-ban.
# A filter can be checked against the log before relying on it:
#   fail2ban-regex /app/server/frp/frps.log /etc/fail2ban/filter.d/frps-ssh-ban.conf
fail2ban-client status frps-ssh-ban