Ikke lenger nødvendig
Mer informasjon: https://blog.geysermc.org/raknet-amplification-attack
Ny og bedre måte
Bruker faktisk ikke fail2ban, men ipset og iptables, med utgangspunkt i https://github.com/stamparm/ipsum
#/etc/cron.d/iptables-deny-ipset 0 8 * * * root /home/ubuntu/bin/iptables-deny-ipset.sh
#/home/ubuntu/bin/iptables-deny-ipset.sh: #!/bin/bash # # Blokkerer med utganspunkt i https://github.com/stamparm/ipsum # if [ "$(id -u)" != "0" ]; then echo -e '\033[1;31m'"" 1>&2 #rød tekst echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 1>&2 echo "!! This script must be run as root! !!" 1>&2 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" 1>&2 echo -e '\033[0m'"" 1>&2 #reset text color exit 1 fi ipset -q flush ipsum pset -q create ipsum hash:ip maxelem 200000 for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/levels/1.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null iptables -I INPUT -m set --match-set ipsum src -j DROP echo "IPTABLES oppdatert med liste fra https://github.com/stamparm/ipsum"