>https://www.cnblogs.com/liujunqiao/p/10719942.html

* yum -y install epel-release ```# fail2ban is in the EPEL repository, so installing EPEL is all that is needed```
* yum -y install fail2ban ```# install fail2ban```
* systemctl enable fail2ban
* cd /etc/fail2ban
* cp jail.conf jail.local

> You can delete all of the existing configuration and set the following

```
[sshd-iptables]
enabled = true
port = 22922
# Filter parameter; corresponds to a filter definition in the filter.d directory
filter = sshd
# Action parameter; corresponds to an action in the action.d directory (iptables is used here)
action = iptables[name=SSH, port=22922, protocol=tcp]
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
# 3 failed attempts within 10 minutes
findtime = 10m
# Connections are blocked for 60 minutes; in practice a REJECT rule is added to iptables
bantime = 60m
```

* systemctl start fail2ban
* systemctl status fail2ban
* fail2ban-client status

View the IPs that fail2ban has already acted on:
> iptables -nL

```
Chain f2b-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
```

* Unban an IP

```
fail2ban-client set sshd-iptables unbanip xxx.xxx.xxx.xxx
# The argument after "set" is the jail name, i.e. the [xxxx] section in jail.local: sshd-iptables
```
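
How `maxretry = 3`, `findtime = 10m` and `bantime = 60m` interact is easiest to see by replaying log lines through the same rules. The Python model below is an added example, not part of the original post and not fail2ban's own code; the `simulate` function, the simplified `FAIL_RE` pattern (a stand-in for the real `sshd` filter) and the log lines with their timestamp format are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the [sshd-iptables] jail above
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(minutes=60)
# Simplified stand-in for the sshd filter (assumption; the real filter has more patterns)
FAIL_RE = re.compile(r"^(\S+ \S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")
# Constructed log lines using documentation-range addresses
SAMPLE_LOG = """\
2024-05-01 10:00:00 host sshd[100]: Failed password for root from 203.0.113.7 port 50000 ssh2
2024-05-01 10:01:00 host sshd[101]: Failed password for bob from 198.51.100.9 port 50001 ssh2
2024-05-01 10:03:00 host sshd[102]: Failed password for root from 203.0.113.7 port 50002 ssh2
2024-05-01 10:05:00 host sshd[103]: Accepted password for alice from 192.0.2.10 port 50003 ssh2
2024-05-01 10:07:00 host sshd[104]: Failed password for bob from 198.51.100.9 port 50004 ssh2
2024-05-01 10:08:00 host sshd[105]: Failed password for invalid user admin from 203.0.113.7 port 50005 ssh2
2024-05-01 10:13:00 host sshd[106]: Failed password for bob from 198.51.100.9 port 50006 ssh2
2024-05-01 11:10:00 host sshd[107]: Failed password for root from 203.0.113.7 port 50007 ssh2
"""

def simulate(log_text):
    """Return (events, still_banned) for a chronologically ordered log."""
    failures = defaultdict(deque)   # ip -> failure timestamps inside findtime
    banned_until = {}               # ip -> time the ban expires
    events = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                # successful logins and other lines never count
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        for host, until in list(banned_until.items()):
            if until <= ts:         # bantime elapsed: the REJECT rule would be removed
                events.append(("unban", host, until))
                del banned_until[host]
        if ip in banned_until:
            continue
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:   # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:        # third failure inside the window: ban
            banned_until[ip] = ts + BANTIME
            events.append(("ban", ip, ts))
            window.clear()
    return events, banned_until
```

Calling `simulate(SAMPLE_LOG)` bans 203.0.113.7 on its third failure at 10:08 and lifts the ban at 11:08, while 198.51.100.9 is never banned because its first failure has aged out of the 10-minute window by the time the third arrives.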