1. Symptom:
Before firewalld reloads its rules, the firewall rules added by fail2ban are visible:
[root@web ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services:
ports: 80/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="47.254.84.31" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="128.90.157.2" port port="https" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="106.75.146.176" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="78.153.140.224" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
...
Reload the firewalld rules:
[root@web ~]# firewall-cmd --reload
success
Check the firewall rules again:
All of the rules added by fail2ban have been lost.
[root@web ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services:
ports: 80/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
2. Fix:
Method 1: restart the fail2ban service with systemctl
[root@web ~]# systemctl restart fail2ban.service
Method 2: restart the fail2ban service with fail2ban-client
[root@web ~]# fail2ban-client restart
Shutdown successful
Server ready
Both methods work, because on startup fail2ban re-applies the bans it has recorded, which recreates the rich rules that the reload dropped.
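To notice this condition without eyeballing `firewall-cmd --list-all`, the check below (an added example, not part of the original post) compares the IPs fail2ban reports as banned with the source addresses present in firewalld's rich rules, and wraps the post's restart fix behind that check. The jail name and both sample outputs are constructed; on a real host the two functions read the live command output instead.

```shell
#!/bin/sh
# Added example, not from the original post: list fail2ban bans that have no
# matching firewalld rich rule, the state `firewall-cmd --reload` leaves behind.
# Inputs are the text of `fail2ban-client status <jail>` and
# `firewall-cmd --list-all`; the sample inputs at the bottom are constructed.

# Source addresses of rich rules in `firewall-cmd --list-all` output (stdin).
firewalld_sources() {
    grep -o 'source address="[^"]*"' | cut -d'"' -f2
}

# IPs from the "Banned IP list:" line of `fail2ban-client status` output (stdin).
fail2ban_banned() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s '[:space:]' '\n'
}

# Print each banned IP that firewalld no longer blocks, one per line.
# $1 = fail2ban status text, $2 = firewall-cmd --list-all text.
missing_bans() {
    banned=$(printf '%s\n' "$1" | fail2ban_banned)
    present=" $(printf '%s\n' "$2" | firewalld_sources | tr '\n' ' ') "
    for ip in $banned; do
        case "$present" in
            *" $ip "*) ;;       # rule still present, nothing to do
            *) echo "$ip" ;;    # ban known to fail2ban but not enforced
        esac
    done
}

# The fix from the post: restart fail2ban so it re-applies its recorded bans.
# Only runs the live commands where they exist (a real host, not this sample).
restore_bans() {
    jail=$1
    if command -v fail2ban-client >/dev/null && command -v firewall-cmd >/dev/null; then
        status=$(fail2ban-client status "$jail")
        rules=$(firewall-cmd --list-all)
        [ -n "$(missing_bans "$status" "$rules")" ] && systemctl restart fail2ban.service
    fi
}

# Constructed sample: fail2ban still tracks two bans seen in the post's output...
SAMPLE_STATUS='Status for the jail: nginx-http-auth
`- Actions
   |- Currently banned: 2
   `- Banned IP list:   47.254.84.31 128.90.157.2'
# ...while firewalld after --reload lists no rich rules at all.
SAMPLE_RULES='public (active)
  ports: 80/tcp
  rich rules:'

missing_bans "$SAMPLE_STATUS" "$SAMPLE_RULES"   # prints both IPs
```

Run from a cron job or systemd timer as `restore_bans <jail>`, it turns the manual restart from the post into an automatic repair after any firewalld reload.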
Tags: firewall, tcp, firewalld, source, fail2ban, icmp, port, ports. From: https://www.cnblogs.com/architectforest/p/18439208