打开frp日志
vim /opt/frp_0.51.2_linux_amd64/frps.ini
在 [common] 段下添加如下几行
# Log destination: a file path, or "console".
# The fail2ban jail on this page reads the same path through its logpath setting,
# so the two must stay in sync.
log_file = /var/log/frps.log
# Log verbosity: trace, debug, info, warn or error.
# NOTE(review): the fail2ban filter on this page matches "get a user connection"
# lines; confirm those lines are still written at the level chosen here.
log_level = info
# Number of days of log files to keep.
log_max_days = 3
安装配置iptables
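# iptables-persistent saves the rule set and restores it at boot.
apt install -y iptables iptables-persistent
# Accept inbound TCP on ports 10-65535 from any source address.
# NOTE(review): this range exposes nearly every TCP service on the host, not only frp.
# Narrow --dport to the ports frps actually listens on (its bind port and the
# remote ports of the proxies it serves).
iptables -A INPUT -p tcp --dport 10:65535 -j ACCEPT
# Write the running rules to disk; a rule added with -A alone is lost at reboot.
netfilter-persistent save
# On Debian/Ubuntu the iptables-persistent package is driven by the
# netfilter-persistent unit; there is no iptables.service to start.
systemctl start netfilter-persistent
systemctl enable netfilter-persistent
systemctl status netfilter-persistent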
安装配置fail2ban
# Install fail2ban.
apt install -y fail2ban
# Filter file: paste the [Definition] section shown further down this page.
# The jail refers to it as "filter = frps", so the file name must be frps.conf.
# (touch is redundant; vim creates the file on save.)
touch /etc/fail2ban/filter.d/frps.conf
vim /etc/fail2ban/filter.d/frps.conf
# Jail file: paste the [DEFAULT] and [frp] sections shown further down this page.
touch /etc/fail2ban/jail.local
vim /etc/fail2ban/jail.local
# Before starting, check what the filter matches in the real log, so that a pattern
# that is too broad (or matches nothing) is caught before it starts banning:
#   fail2ban-regex /var/log/frps.log /etc/fail2ban/filter.d/frps.conf
# Start the service now.
systemctl start fail2ban
# Start it at every boot.
systemctl enable fail2ban
# Confirm it is running and loaded the jail without errors.
systemctl status fail2ban
# fail2ban filter for the frps log (presumably the content of
# /etc/fail2ban/filter.d/frps.conf, created in the steps above).
[Definition]
# Matches every "get a user connection" line logged for [sketcherly_ssh] and takes
# the peer address as <HOST>. The pattern does not distinguish a failed login from
# a successful one: each connection to that proxy counts toward maxretry, so a
# legitimate user who reconnects often is banned as well unless listed in ignoreip.
# NOTE(review): sketcherly_ssh looks like the author's own proxy name; replace it
# with the proxy name from your frpc configuration.
failregex = ^.*\[sketcherly_ssh\] get a user connection \[<HOST>:[0-9]*\]
# No lines are excluded from matching.
ignoreregex =
# Jail configuration (presumably the content of /etc/fail2ban/jail.local,
# created in the steps above).
[DEFAULT]
# Space-separated addresses and networks that are never banned.
# NOTE(review): 192.168.1.100/24 is a host address with a /24 mask, which likely
# exempts all of 192.168.1.0/24; confirm the whole subnet should be exempt.
ignoreip = 127.0.0.1/8 192.168.1.100/24
# Defaults for every jail. Bare numbers are seconds.
bantime = 600
findtime = 600
maxretry = 3
# Jail for the frps log. Its findtime, maxretry and bantime replace the defaults above.
[frp]
enabled = true
# Window in which matches are counted.
findtime = 10m
# Number of filter matches within findtime that triggers a ban. With the filter on
# this page a match is a connection, not a failed login.
maxretry = 3
# How long a banned address stays blocked.
bantime = 1d
# Filter name; resolves to filter.d/frps.conf.
filter = frps
# Must be the same path as log_file in frps.ini.
logpath = /var/log/frps.log
# NOTE(review): the action below is written out explicitly with protocol=tcp, so
# these three jail options are probably not what the ban rule uses. "all" is also
# not a built-in iptables chain name. Confirm, then drop or correct them.
protocol = all
chain = all
port = all
# Blocks all TCP ports for a banned address; name=frp labels the chain fail2ban creates.
action = iptables-allports[name=frp,protocol=tcp]
有用的命令
# List the current firewall rules (add -n to skip reverse DNS lookups).
iptables -L
# Show the frp jail's status, including the currently banned IP addresses.
# To lift a ban on an address that was blocked by mistake:
#   fail2ban-client set frp unbanip <IP>
fail2ban-client status frp