My IP gets banned on the server automatically

0

I need to know which program or which specific rule is banning my IP address, as it happens often when I am programming. It bans my router's internal IP, since I am connecting over the LAN. Then, after about 10 minutes, it does not unban the IP. I need to know what is doing this.

Here is the kernel log:

Jul 24 12:40:35 buntubox-001 kernel: [68405.371388] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:42:40 buntubox-001 kernel: [68530.812091] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:44:46 buntubox-001 kernel: [68656.252761] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:46:51 buntubox-001 kernel: [68781.693450] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:48:56 buntubox-001 kernel: [68907.134130] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:51:02 buntubox-001 kernel: [69032.574810] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:53:07 buntubox-001 kernel: [69158.015484] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:55:13 buntubox-001 kernel: [69283.456341] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:57:18 buntubox-001 kernel: [69408.896851] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 12:59:24 buntubox-001 kernel: [69534.337509] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:01:29 buntubox-001 kernel: [69659.778153] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:03:35 buntubox-001 kernel: [69785.218879] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:05:40 buntubox-001 kernel: [69910.659585] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:07:45 buntubox-001 kernel: [70036.100269] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:09:51 buntubox-001 kernel: [70161.540931] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:11:56 buntubox-001 kernel: [70286.981572] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:14:02 buntubox-001 kernel: [70412.422228] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:16:07 buntubox-001 kernel: [70537.862891] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:18:13 buntubox-001 kernel: [70663.303475] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Jul 24 13:20:18 buntubox-001 kernel: [70788.744104] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Here is the fail2ban log:

2017-07-24 06:25:17,215 fail2ban.server [1219]: INFO rollover performed on /var/log/fail2ban.log

2017-07-24 06:25:50,566 fail2ban.filter [1219]: INFO Log rotation detected for /var/log/auth.log

2017-07-24 06:27:31,632 fail2ban.filter [1219]: INFO [sshd] Found 177.129.242.80

2017-07-24 07:42:37,836 fail2ban.filter [1219]: INFO [sshd] Found 171.25.193.131

2017-07-24 07:44:27,693 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202

2017-07-24 07:44:27,760 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202

2017-07-24 08:17:01,802 fail2ban.filter [1219]: INFO [sshd] Found 119.193.140.164

2017-07-24 09:44:05,257 fail2ban.filter [1219]: INFO [sshd] Found 91.197.232.103

2017-07-24 13:09:25,355 fail2ban.filter [1219]: INFO [sshd] Found 218.68.140.168

And finally here is my iptables -L:

root@buntubox-001:/var/www/html# iptables -L

Chain INPUT (policy DROP)

target prot opt source destination

DROP all -- 192.168.1.1 anywhere

f2b-sshd tcp -- anywhere anywhere multiport dports ssh

ufw-before-logging-input all -- anywhere anywhere

ufw-before-input all -- anywhere anywhere

ufw-after-input all -- anywhere anywhere

ufw-after-logging-input all -- anywhere anywhere

ufw-reject-input all -- anywhere anywhere

ufw-track-input all -- anywhere anywhere

 

Chain FORWARD (policy DROP)

target prot opt source destination

DROP all -- 192.168.1.1 anywhere

ufw-before-logging-forward all -- anywhere anywhere

ufw-before-forward all -- anywhere anywhere

ufw-after-forward all -- anywhere anywhere

ufw-after-logging-forward all -- anywhere anywhere

ufw-reject-forward all -- anywhere anywhere

ufw-track-forward all -- anywhere anywhere

 

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

ufw-before-logging-output all -- anywhere anywhere

ufw-before-output all -- anywhere anywhere

ufw-after-output all -- anywhere anywhere

ufw-after-logging-output all -- anywhere anywhere

ufw-reject-output all -- anywhere anywhere

ufw-track-output all -- anywhere anywhere

 

Chain f2b-sshd (1 references)

target prot opt source destination

RETURN all -- anywhere anywhere

 

Chain ufw-after-forward (1 references)

target prot opt source destination

 

Chain ufw-after-input (1 references)

target prot opt source destination

ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns

ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm

ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn

ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds

ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps

ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc

ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

 

Chain ufw-after-logging-forward (1 references)

target prot opt source destination

LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

 

Chain ufw-after-logging-input (1 references)

target prot opt source destination

LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

 

Chain ufw-after-logging-output (1 references)

target prot opt source destination

 

Chain ufw-after-output (1 references)

target prot opt source destination

 

Chain ufw-before-forward (1 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

ACCEPT icmp -- anywhere anywhere icmp destination-unreachable

ACCEPT icmp -- anywhere anywhere icmp source-quench

ACCEPT icmp -- anywhere anywhere icmp time-exceeded

ACCEPT icmp -- anywhere anywhere icmp parameter-problem

ACCEPT icmp -- anywhere anywhere icmp echo-request

ufw-user-forward all -- anywhere anywhere

 

Chain ufw-before-input (1 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere

ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

ufw-logging-deny all -- anywhere anywhere ctstate INVALID

DROP all -- anywhere anywhere ctstate INVALID

ACCEPT icmp -- anywhere anywhere icmp destination-unreachable

ACCEPT icmp -- anywhere anywhere icmp source-quench

ACCEPT icmp -- anywhere anywhere icmp time-exceeded

ACCEPT icmp -- anywhere anywhere icmp parameter-problem

ACCEPT icmp -- anywhere anywhere icmp echo-request

ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc

ufw-not-local all -- anywhere anywhere

ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns

ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900

ufw-user-input all -- anywhere anywhere

 

Chain ufw-before-logging-forward (1 references)

target prot opt source destination

 

Chain ufw-before-logging-input (1 references)

target prot opt source destination

 

Chain ufw-before-logging-output (1 references)

target prot opt source destination

 

Chain ufw-before-output (1 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere

ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

ufw-user-output all -- anywhere anywhere

 

Chain ufw-logging-allow (0 references)

target prot opt source destination

LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

 

Chain ufw-logging-deny (2 references)

target prot opt source destination

RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10

LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

 

Chain ufw-not-local (1 references)

target prot opt source destination

RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL

RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST

RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10

DROP all -- anywhere anywhere

 

Chain ufw-reject-forward (1 references)

target prot opt source destination

 

Chain ufw-reject-input (1 references)

target prot opt source destination

 

Chain ufw-reject-output (1 references)

target prot opt source destination

 

Chain ufw-skip-to-policy-forward (0 references)

target prot opt source destination

DROP all -- anywhere anywhere

 

Chain ufw-skip-to-policy-input (7 references)

target prot opt source destination

DROP all -- anywhere anywhere

 

Chain ufw-skip-to-policy-output (0 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere

 

Chain ufw-track-forward (1 references)

target prot opt source destination

 

Chain ufw-track-input (1 references)

target prot opt source destination

 

Chain ufw-track-output (1 references)

target prot opt source destination

ACCEPT tcp -- anywhere anywhere ctstate NEW

ACCEPT udp -- anywhere anywhere ctstate NEW

 

Chain ufw-user-forward (1 references)

target prot opt source destination

 

Chain ufw-user-input (1 references)

target prot opt source destination

ACCEPT tcp -- anywhere anywhere tcp dpt:http

ACCEPT udp -- anywhere anywhere udp dpt:http

ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

ACCEPT udp -- anywhere anywhere udp dpt:ssh

ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */

ACCEPT all -- 192.168.1.1 anywhere

ACCEPT all -- 192.168.1.0/24 anywhere

 

Chain ufw-user-limit (0 references)

target prot opt source destination

LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "

REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

 

Chain ufw-user-limit-accept (0 references)

target prot opt source destination

ACCEPT all -- anywhere anywhere

 

Chain ufw-user-logging-forward (0 references)

target prot opt source destination

 

Chain ufw-user-logging-input (0 references)

target prot opt source destination

 

Chain ufw-user-logging-output (0 references)

target prot opt source destination

 

Chain ufw-user-output (1 references)

target prot opt source destination
    
by Riz-waan 25.07.2017 / 16:07

1 answer

2

Fail2ban is a script that parses log files and, depending on connection failures, puts bans in place.

Now, if it is banning you and you have not had a connection failure, it is misconfigured and needs to be configured properly.

As for how to stop it from banning you, the easiest way would be to add your own IP / reverse DNS name to the whitelist so that it never bans you. This will only work if your IP is static.

However, it looks like in this case everything is being controlled by the Uncomplicated Firewall; I have linked the wiki page here for you.

    
by 25.07.2017 / 16:28
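
To answer the "which program" question from the listing itself, the sketch below (an added example, not part of the original question or answer) scans `iptables -L -n` style output for DROP/REJECT rules matching one source address and reports the chain each one sits in. The sample listing is constructed from the shape of the one in the question, and the owner labels are a heuristic based on the `f2b-` and `ufw-` chain prefixes visible there.

```shell
#!/bin/sh
# Added example: find which chain holds a DROP/REJECT rule for one source IP.
# Feed it `iptables -L -n` output; -n keeps addresses numeric so the source
# column can be compared literally.

# Constructed sample, trimmed from the shape of the listing in the question.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
f2b-sshd   tcp  --  anywhere             anywhere       multiport dports ssh
ufw-before-input  all  --  anywhere      anywhere

Chain f2b-sshd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  192.168.1.1          anywhere
ACCEPT     all  --  192.168.1.0/24       anywhere
EOF
}

# find_blocks IP: read a listing on stdin, print "chain target owner" per hit.
# Owner is a heuristic from the chain name prefix (assumption, see lead-in):
#   f2b-*  -> fail2ban jail chain
#   ufw-*  -> chain managed by UFW
#   other  -> rule sits directly in a built-in or unrecognised chain
find_blocks() {
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        # Rule columns: target prot opt source destination ...
        ($1 == "DROP" || $1 == "REJECT") && $4 == ip {
            if (chain ~ /^f2b-/)      owner = "fail2ban"
            else if (chain ~ /^ufw-/) owner = "ufw"
            else                      owner = "other"
            print chain, $1, owner
        }
    '
}

# Run against the constructed sample.
sample_listing | find_blocks 192.168.1.1
```

Against the sample it reports the rule in the built-in INPUT chain, not in `f2b-sshd` or a `ufw-` chain; on a live system the input would be `iptables -L -n` run as root.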