My IP is being blocked on the server automatically

381
Riz-waan

I need to know which program or which specific rule is banning my IP address, as this often happens when I am programming. It bans my router's internal IP address, since I connect over the local network. Then, after about 10 minutes, it lifts the IP block. I need to know what is doing this.

Here is the kernel log:

Jul 24 12:40:35 buntubox-001 kernel: [68405.371388] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:42:40 buntubox-001 kernel: [68530.812091] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:44:46 buntubox-001 kernel: [68656.252761] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:46:51 buntubox-001 kernel: [68781.693450] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:48:56 buntubox-001 kernel: [68907.134130] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:51:02 buntubox-001 kernel: [69032.574810] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:53:07 buntubox-001 kernel: [69158.015484] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:55:13 buntubox-001 kernel: [69283.456341] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:57:18 buntubox-001 kernel: [69408.896851] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 12:59:24 buntubox-001 kernel: [69534.337509] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:01:29 buntubox-001 kernel: [69659.778153] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:03:35 buntubox-001 kernel: [69785.218879] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:05:40 buntubox-001 kernel: [69910.659585] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:07:45 buntubox-001 kernel: [70036.100269] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:09:51 buntubox-001 kernel: [70161.540931] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:11:56 buntubox-001 kernel: [70286.981572] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:14:02 buntubox-001 kernel: [70412.422228] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:16:07 buntubox-001 kernel: [70537.862891] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:18:13 buntubox-001 kernel: [70663.303475] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$
Jul 24 13:20:18 buntubox-001 kernel: [70788.744104] [UFW BLOCK] IN=enp2s0 OUT= MAC=01:00:5e:00:00:01:d8:50:e6:ce:a9:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x0$

Here is the fail2ban log:

2017-07-24 06:25:17,215 fail2ban.server [1219]: INFO rollover performed on /var/log/fail2ban.log
2017-07-24 06:25:50,566 fail2ban.filter [1219]: INFO Log rotation detected for /var/log/auth.log
2017-07-24 06:27:31,632 fail2ban.filter [1219]: INFO [sshd] Found 177.129.242.80
2017-07-24 07:42:37,836 fail2ban.filter [1219]: INFO [sshd] Found 171.25.193.131
2017-07-24 07:44:27,693 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202
2017-07-24 07:44:27,760 fail2ban.filter [1219]: INFO [sshd] Found 87.154.220.202
2017-07-24 08:17:01,802 fail2ban.filter [1219]: INFO [sshd] Found 119.193.140.164
2017-07-24 09:44:05,257 fail2ban.filter [1219]: INFO [sshd] Found 91.197.232.103
2017-07-24 13:09:25,355 fail2ban.filter [1219]: INFO [sshd] Found 218.68.140.168

And finally, here is my iptables -L:

root@buntubox-001:/var/www/html# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination
0

1 answer

2
djsmiley2k

Fail2ban is a script that looks through log files and, depending on connection failures, sets bans.

Now, if you got banned and you did not have a connection failure, then it is misconfigured and needs to be configured properly.

As for how to stop it banning you, the simplest way is to add your own IP / reverse DNS name to the whitelist so that it never bans you. This will only work if your IP is static.

However, in this case it seems that all of this is managed by Uncomplicated Firewall, for which I have linked the wiki page here for you.
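
To see which chain holds the rules that name a given address in a listing like the one in the question, the following Python sketch reports each rule whose source column matches that address, as a host or inside a CIDR block. It is an added example, not part of the original thread; the sample is a constructed, abbreviated copy of the question's `iptables -L` output, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample (abbreviated from the question's `iptables -L` output);
# the helper names below are illustrative.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
f2b-sshd tcp -- anywhere anywhere multiport dports ssh

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
"""

def source_matches(source, ip):
    """True if the source column names `ip` as a host or inside a CIDR block."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # "anywhere" or a resolved hostname: not specific to ip
    return net.prefixlen > 0 and ipaddress.ip_address(ip) in net

def rules_for(listing, ip):
    """Return (chain, position, target, source) for every rule naming `ip`."""
    hits, chain, pos = [], None, 0
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            chain, pos = m.group(1), 0
            continue
        fields = line.split()
        if chain is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line, column header, or text before the first chain
        pos += 1
        if source_matches(fields[3], ip):
            hits.append((chain, pos, fields[0], fields[3]))
    return hits

def blocking_rules(listing, ip):
    """Only the matching rules whose target drops or rejects the packet."""
    return [h for h in rules_for(listing, ip) if h[2] in ("DROP", "REJECT")]

if __name__ == "__main__":
    print(blocking_rules(SAMPLE, "192.168.1.1"))
```

On the sample, the only blocking rule is rule 1 of the INPUT chain itself, while the f2b-sshd chain holds nothing but RETURN. Feeding the function `iptables -L -n` output keeps addresses numeric, so the source column always parses.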