Security: fail2ban: firewall rules added by fail2ban are lost when firewalld is reloaded

1. Symptom:

Before firewalld reloads its rules, the firewall rules added by fail2ban are visible (one rich rule per banned address):

[root@web ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services:
  ports: 80/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="47.254.84.31" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="128.90.157.2" port port="https" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="106.75.146.176" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
        rule family="ipv4" source address="78.153.140.224" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
...

Reload the firewalld rules:

[root@web ~]# firewall-cmd --reload
success

Check the firewall rules again: every rule that fail2ban had added is gone.

The reason is that fail2ban's firewallcmd-* ban actions add their rules with plain firewall-cmd calls (no --permanent), so the rules exist only in firewalld's runtime configuration. firewall-cmd --reload discards the runtime configuration and loads the permanent one, which does not contain them; systemctl restart firewalld has the same effect. Until fail2ban re-applies the bans, every address it had blocked can reach the service again, and fail2ban does not notice on its own: its jail status still lists those addresses as banned.

[root@web ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services:
  ports: 80/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

2. Fix:

Method 1: restart the fail2ban service with systemctl

[root@web ~]# systemctl restart fail2ban.service 

Method 2: restart the fail2ban service with fail2ban-client

[root@web ~]# fail2ban-client restart
Shutdown successful
Server ready 

Both methods work. A restart helps because fail2ban keeps its bans in its database (/var/lib/fail2ban/fail2ban.sqlite3 by default) and, on startup, runs the ban action again for every ban that has not yet expired, which recreates the missing rich rules. Two caveats: the banned addresses are unblocked for the whole window between the reload and the restart, so any routine that reloads firewalld (deploy scripts, configuration management) should restart fail2ban right afterwards; and do not "fix" this by saving fail2ban's rules with firewall-cmd --runtime-to-permanent, because that turns temporary bans into permanent firewall configuration that fail2ban's unban (which only removes the runtime rule) will never clear.
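The check that follows is an added example, not code from the original post or from the fail2ban project: it compares the addresses fail2ban currently reports as banned for a jail with the source addresses present in firewalld's rich rules, and restarts fail2ban only when some bans are no longer enforced. It assumes the jail uses one of fail2ban's firewallcmd-* rich-rule actions, that fail2ban-client status prints the usual "Banned IP list:" line, and that the jail name (defaulting to sshd below) matches the host's configuration. The sample rich rules and status output at the bottom are constructed from the addresses shown in the post; the jail name and counters in them are made up.

```shell
# Added example (not part of the original post): detect fail2ban bans that
# firewalld no longer enforces after a reload, and restore them.

# Source IPs from `firewall-cmd --list-rich-rules` output on stdin, sorted.
rich_rule_ips() {
    sed -n 's/.*source address="\([^"]*\)".*/\1/p' | sort -u
}

# Banned IPs from `fail2ban-client status <jail>` output on stdin, sorted.
# fail2ban prints them space-separated on the "Banned IP list:" line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# Print the banned IPs for which firewalld has no rich rule.
# $1 = rich-rules text, $2 = fail2ban status text.
missing_bans() {
    tmp=$(mktemp)
    printf '%s\n' "$1" | rich_rule_ips > "$tmp"
    if [ -s "$tmp" ]; then
        # -x whole-line match, -F fixed strings, -v keep the ones NOT present
        printf '%s\n' "$2" | banned_ips | grep -vxF -f "$tmp" || true
    else
        # no rich rules at all: the state right after `firewall-cmd --reload`
        printf '%s\n' "$2" | banned_ips
    fi
    rm -f "$tmp"
}

# Live check for one jail (assumed default: sshd). Needs firewalld and
# fail2ban on the host, so the sample run below does not call it; run it
# from cron or a systemd timer, or right after any firewalld reload.
check_and_restore() {
    jail="${1:-sshd}"
    missing=$(missing_bans "$(firewall-cmd --list-rich-rules)" "$(fail2ban-client status "$jail")")
    if [ -n "$missing" ]; then
        echo "firewalld is missing fail2ban rules for jail $jail:"
        echo "$missing"
        fail2ban-client restart
    fi
}

# Constructed sample data: addresses from the post, jail name and counters
# invented. It models a reload that dropped the rule for 106.75.146.176.
SAMPLE_RULES='rule family="ipv4" source address="47.254.84.31" port port="http" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="128.90.157.2" port port="https" protocol="tcp" reject type="icmp-port-unreachable"'

SAMPLE_STATUS='Status for the jail: nginx-http-auth
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     12
|  `- File list:        /var/log/nginx/error.log
`- Actions
   |- Currently banned: 3
   |- Total banned:     3
   `- Banned IP list:   47.254.84.31 128.90.157.2 106.75.146.176'

# Sample run: prints the one ban that firewalld no longer enforces.
missing_bans "$SAMPLE_RULES" "$SAMPLE_STATUS"
```

The comparison is done on the rich-rule text rather than on fail2ban's own view because fail2ban is the side that is wrong here: after a reload it still believes the bans are in place. Restarting fail2ban is a coarse remedy, since every jail is torn down and rebuilt, but it is the one that both methods in the post rely on.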

posted @ 2024-09-29 11:08  刘宏缔的架构森林