打开frp日志

vim /opt/frp_0.51.2_linux_amd64/frps.ini

添加如下几行

#日志输出,可以设置为具体的日志文件或者console
log_file = /var/log/frps.log
#日志记录等级,有trace, debug, info, warn, error
log_level = info
#日志保留时间
log_max_days = 3

安装配置iptables

# iptables-persistent 安装iptables服务
apt install -y iptables iptables-persistent
# 放开所有端口
iptables -A INPUT -p tcp --dport 10:65535 -j ACCEPT

systemctl start iptables
systemctl enable iptables
systemctl status iptables

安装配置fail2ban

apt install -y fail2ban
touch /etc/fail2ban/filter.d/frps.conf
vim /etc/fail2ban/filter.d/frps.conf

touch /etc/fail2ban/jail.local
vim /etc/fail2ban/jail.local


systemctl start fail2ban
systemctl enable fail2ban
systemctl status fail2ban
[Definition]

failregex = ^.*\[sketcherly_ssh\] get a user connection \[<HOST>:[0-9]*\]
ignoreregex =
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.100/24
bantime = 600
findtime = 600
maxretry = 3



[frp]
enabled = true
findtime = 10m
maxretry = 3
bantime = 1d
filter = frps
logpath = /var/log/frps.log
protocol = all
chain = all
port = all
action = iptables-allports[name=frp,protocol=tcp]

有用的命令

# 查看当前防火墙规则
iptables -L
# 查看当前拦截的ip列表
fail2ban-client status frp