Fail2banはブルートフォース攻撃からコンピューターサーバーを保護するためのソフトウェアでログを解析しルールに沿ってiptablesを操作する形でフィルタリングを実現します。一方で近年のLinuxディストリビューションではiptablesを直接操作せず、firewalldやUncomplicated Firewall(ufw)を用いてiptablesを操作することが多いです。Ubuntuにおいてiptablesを使ってFail2banを使用する記事は見つけられましたがufwを使う場合の記事を見つけられなかったので本稿にまとめます。


Ubuntu 20.04 LTSを前提に解説します。また、Fail2banの使い方については解説しません。



コマンド1. Fail2banのインストール
langur@server:~$ sudo apt install fail2ban
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  python3-pyinotify python3-systemd whois
Suggested packages:
  monit python-pyinotify-doc
The following NEW packages will be installed:
  fail2ban python3-pyinotify python3-systemd whois
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 481 kB of archives.
After this operation, 2,594 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 focal/universe amd64 fail2ban all 0.11.1-1 [375 kB]
Get:2 focal/main amd64 python3-pyinotify all 0.9.6-1.2ubuntu1 [24.8 kB]
Get:3 focal/main amd64 python3-systemd amd64 234-3build2 [36.5 kB]
Get:4 focal/main amd64 whois amd64 5.5.6 [44.7 kB]
Fetched 481 kB in 0s (2,238 kB/s)
Selecting previously unselected package fail2ban.
(Reading database ... 86745 files and directories currently installed.)
Preparing to unpack .../fail2ban_0.11.1-1_all.deb ...
Unpacking fail2ban (0.11.1-1) ...
Selecting previously unselected package python3-pyinotify.
Preparing to unpack .../python3-pyinotify_0.9.6-1.2ubuntu1_all.deb ...
Unpacking python3-pyinotify (0.9.6-1.2ubuntu1) ...
Selecting previously unselected package python3-systemd.
Preparing to unpack .../python3-systemd_234-3build2_amd64.deb ...
Unpacking python3-systemd (234-3build2) ...
Selecting previously unselected package whois.
Preparing to unpack .../archives/whois_5.5.6_amd64.deb ...
Unpacking whois (5.5.6) ...
Setting up whois (5.5.6) ...
Setting up fail2ban (0.11.1-1) ...
Created symlink /etc/systemd/system/ → /lib/systemd/system/fail2ban.service.
Setting up python3-pyinotify (0.9.6-1.2ubuntu1) ...
Setting up python3-systemd (234-3build2) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.1) ...

設定を書き換えたときは、 systemctl restart fail2ban コマンドを発行しプロセスを再起動します。


banaction = iptables-multiport から banaction = ufw に書き換えるだけです。 あとは有効にしたいルールを有効化しプロセスを再起動すれば良いです。

ソース1. ufwを使用する場合の設定差分
--- /etc/fail2ban/jail.conf     2020-01-11 19:01:00.000000000 +0900
+++ /etc/fail2ban/jail.local    2020-07-03 18:34:14.603898240 +0900
@@ -205,7 +205,8 @@
 # iptables-multiport, shorewall, etc) It is used to define
 # action_* variables. Can be overridden globally or per
 # section within jail.local file
-banaction = iptables-multiport
+#banaction = iptables-multiport
+banaction = ufw
 banaction_allports = iptables-allports


ソース2. ufw.conf
# Fail2Ban action configuration file for ufw
# You are required to run "ufw enable" before this will have any effect.
# The insert position should be appropriate to block the required traffic.
# A number after an allow rule to the application won't be of much use.


actionstart = 

actionstop = 

actioncheck = 

actionban = [ -n "<application>" ] && app="app <application>"
            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app

actionunban = [ -n "<application>" ] && app="app <application>"
              ufw delete <blocktype> from <ip> to <destination> $app

# Option: insertpos
# Notes.:  The position number in the firewall list to insert the block rule
insertpos = 1

# Option: blocktype
# Notes.: reject or deny
blocktype = reject

# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any

# Option: application
# Notes.: application from sudo ufw app list
application = 

# Author: Guilhem Lettron
# Enhancements: Daniel Black