mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues

Update banning docs for wireguard

Browse Source
This commit is contained in:
Jelle van der Waa 2021-08-01 17:03:00 +02:00
parent 9f54f8e07b
commit 77753e266f
No known key found for this signature in database
GPG Key ID: C06086337C50773E
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/banning.md
View File

@ -1,11 +1,19 @@
# Banning IP Addresses for abuse
For banning with an expiry `fail2ban` can be used, the expiry time depends on the configured fail2ban jail:
```
firewall-cmd --add-rich-rule="rule family='ipv4' source address='1.1.1.1' reject"
fail2ban-client set sshd banip 1.1.1.1
```
To permanently ban an IP address `firewall-cmd` can be used as shown below:
```
firewall-cmd --add-rich-rule="rule family='ipv4' source address='1.1.1.1' reject" --zone=public
```
```
firewall-cmd --add-rich-rule="rule family='ipv6' source address='1:2:3:4:6::' reject"
firewall-cmd --add-rich-rule="rule family='ipv6' source address='1:2:3:4:6::' reject" --zone=public
```
Note that on Gitlab, you must block the ip address for the docker zone:
@ -23,5 +31,5 @@ firewall-cmd --list-all
To remove a banned IP Address:
```
firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" reject'
firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" reject' --zone=public
```