各种情况下 Proxmox VE 的登陆界面需要暴露在公网的时候,需要使用 fail2ban 来保护它不被暴力破解。

创建 filter

文件 /etc/fail2ban/filter.d/proxmox.conf

1
2
3
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

创建 jail

文件 /etc/fail2ban/jail.d/proxmox.conf

1
2
3
4
5
6
7
8
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600

重启 fail2ban

1
~> systemctl restart fail2ban

然后检查是否配置生效

1
2
3
4
~> fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: proxmox, sshd