vi /etc/fail2ban.conf
#以 daemon 方式启动 fail2ban
background = true
#允许尝试次数
maxfailures = 3
#触发 maxfailures 之後的封锁时间(秒); 设为 -1 表示永远封锁
bantime = 3600
#以 findtime (秒) 时间内的错误记录作为 maxfailures 的计数基准
findtime = 600
#排除 IP 范围, 以空白隔开
ignoreip = 127.0.0.1 192.168.0.0/24
#不启用 mail 通知
[MAIL]
enabled = false
#修改自 VSFTPD, 未提及的部份保持原设定
[PROFTPD]
enabled = true
logfile = /var/log/proftpd/proftpd.log
failregex = no such user|Incorrect password
#未提及的部份保持原设定
[SSH]
enabled = true
logfile = /var/log/secure
service fail2ban start

2015-08-01 09:13:33,532 WARNING: SSH: Ban (3600 s) 205.189.197.66
2015-08-01 12:24:41,943 WARNING: SSH: Ban (3600 s) 121.52.209.5

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-AccessForbidden tcp -- anywhere anywhere tcp dpt:http
f2b-WPLogin tcp -- anywhere anywhere tcp dpt:http
f2b-ConnLimit tcp -- anywhere anywhere tcp dpt:http
f2b-ReqLimit tcp -- anywhere anywhere tcp dpt:http
f2b-NoAuthFailures tcp -- anywhere anywhere tcp dpt:http
f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh
f2b-php-url-open tcp -- anywhere anywhere tcp dpt:http
f2b-nginx-http-auth tcp -- anywhere anywhere multiport dports http,https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:EtherNet/IP-1
ACCEPT tcp -- anywhere anywhere tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-NoAuthFailures (1 references)
target prot opt source destination
REJECT all -- 64.68.50.128 anywhere reject-with icmp-port-unreachable
REJECT all -- 104.194.26.205 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere

# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT