1. Symptom:
Before firewalld reloads its rules, the firewall rules added by fail2ban are visible:
[root@web ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services:
  ports: 80/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="47.254.84.31" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="128.90.157.2" port port="https" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="106.75.146.176" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="78.153.140.224" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
...
Reload the firewalld rules:
[root@web ~]# firewall-cmd --reload
success
List the firewall rules again:
All of the firewall rules added by fail2ban are now gone:
[root@web ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services:
  ports: 80/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
2. Solution:
Method 1: restart the fail2ban service with systemctl
[root@web ~]# systemctl restart fail2ban.service
Method 2: restart the fail2ban service with fail2ban-client
[root@web ~]# fail2ban-client restart
Shutdown successful
Server ready
Both methods work.
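
The reload-then-restart sequence above can be wrapped so a reload never silently leaves banned addresses unblocked. This is an added example, not part of the original post: the function names, the script name and the sample output (documentation-range addresses) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): reload firewalld and restart
# fail2ban if the reload dropped its reject rules.

# Count reject rich rules in `firewall-cmd --list-all` output read on stdin.
count_reject_rules() {
    grep -c 'rule family=.* reject' || true   # grep -c exits 1 on zero matches
}

# Print "restart" if the reload lost reject rules ($1=before, $2=after), else "ok".
reload_verdict() {
    if [ "$2" -lt "$1" ]; then echo restart; else echo ok; fi
}

# Constructed sample output for offline checks (not captured from a real host).
sample_before() {
    cat <<'EOF'
public (active)
  ports: 80/tcp
  rich rules:
        rule family="ipv4" source address="192.0.2.10" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="198.51.100.7" port port="https" protocol="tcp" reject type="icmp-port-unreachable"
EOF
}
sample_after() {
    printf 'public (active)\n  ports: 80/tcp\n  rich rules:\n'
}

safe_reload() {
    before=$(firewall-cmd --list-all | count_reject_rules)
    firewall-cmd --reload >/dev/null || return 1
    after=$(firewall-cmd --list-all | count_reject_rules)
    [ "$(reload_verdict "$before" "$after")" = ok ] && return 0
    echo "reload dropped $((before - after)) reject rule(s); restarting fail2ban" >&2
    systemctl restart fail2ban.service || return 1
    # Give the restarted service up to 10 seconds to put its rules back.
    i=0
    while [ "$i" -lt 10 ]; do
        now=$(firewall-cmd --list-all | count_reject_rules)
        [ "$now" -ge "$before" ] && break
        sleep 1; i=$((i + 1))
    done
    echo "reject rules: before=$before after_reload=$after after_restart=$now"
    [ "$now" -gt 0 ]
}

# Touch the live firewall only when asked: ./safe-reload.sh --run
if [ "${1:-}" = "--run" ]; then safe_reload; fi
```

A count lower than before after the restart is not necessarily a failure, since some bans may have expired in the meantime; the function only returns non-zero when no reject rules came back at all.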