一键安装脚本

wget https://raw.githubusercontent.com/cnnlei/Fail2ban/master/fail2ban.sh && bash fail2ban.sh 2>&1 | tee fail2ban.log

安装后需要改配置文件,才能正常启动
fail2ban 132行改成Auto改成systemd,随后重启fail2ban

vim /etc/fail2ban/jail.conf

systemctl restart fail2ban

启动/停止/重启服务

sudo systemctl start fail2ban    # 启动服务
sudo systemctl stop fail2ban     # 停止服务
sudo systemctl restart fail2ban  # 重启服务
sudo systemctl enable fail2ban   # 设置开机自启

查看服务状态

sudo systemctl status fail2ban

查看被封禁的 IP

sudo fail2ban-client status sshd

解封特定 IP

sudo fail2ban-client set sshd unbanip 192.168.1.100

手动封禁 IP

sudo fail2ban-client set sshd banip 192.168.1.100

1.测试去程路由

curl -sL nxtrace.org/nt |bash

用法如下(其中8.8.8.8换成你要测试的ip)

nexttrace 8.8.8.8

2.tcping工具

sudo apt install tcptraceroute
sudo wget http://www.vdberg.org/~richard/tcpping -O /usr/bin/tcping
sudo chmod +x /usr/bin/tcping

然后是用法(8.8.8.8是地址,53是端口)

tcping 8.8.8.8 53

ipv6地址在线随机生成
打开上面的地址,复制你vps的ipv6地址,包括掩码一起复制,然后点击生成,转换成shell指令复制,在vps中ssh粘贴,这样就行了,如果报错就执行如下指令

apt install sudo

前言
ipset 是 iptables 的扩展，它允许你创建匹配整个 IP 地址集合的规则。可以快速的让我们屏蔽某个 IP 段。这里分享一个屏蔽指定国家的 IP 访问的方法和一个屏蔽国外 IP 访问（仅允许国内 IP 访问）的方法，当我们遇到 CC 攻击，可以尝试选择和使用能有所缓解。

屏蔽指定国家的IP
首先需要得到国家 IP 段，下载地址：http://www.ipdeny.com/ipblocks/。这里以我们国家为例。

1、安装 ipset

#Debian/Ubuntu系统

apt-get -y install ipset

#CentOS系统

yum -y install ipset

2、创建规则

#创建一个名为cnip的规则

ipset -N cnip hash:net

#下载国家IP段

wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone

#将IP段添加到cnip规则中

for i in $(cat /root/cn.zone ); do ipset -A cnip $i; done

3、开始屏蔽

iptables -I INPUT -p tcp -m set --match-set cnip src -j DROP

4、解除屏蔽

#-D为删除规则

iptables -D INPUT -p tcp -m set --match-set cnip src -j DROP

由于某些软件并没有增加开启启动的服务，很多时候需要手工添加，一般我们都是推荐使用 systemd 写个系统服务，但是对于一些简单的脚本或者懒人来说，添加命令到 /etc/rc.local 文件更方便，但是自从 Debian 9 开始，Debian 默认不带 /etc/rc.local 文件，而 rc.local 服务却还是自带的：

cat /lib/systemd/system/rc-local.service

root@debian ~ # cat /lib/systemd/system/rc-local.service
SPDX-License-Identifier: LGPL-2.1-or-later
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This unit gets pulled automatically into multi-user.target by
systemd-rc-local-generator if /etc/rc.local is executable.
[Unit]
Description=/etc/rc.local Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=/etc/rc.local
After=network.target

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no
并且默认情况下这个服务还是关闭的状态：

systemctl status rc-local

root@debian ~ # systemctl status rc-local
● rc-local.service - /etc/rc.local Compatibility
Loaded: loaded (/lib/systemd/system/rc-local.service; static)
Drop-In: /usr/lib/systemd/system/rc-local.service.d
└─debian.conf
Active: inactive (dead)
Docs: man:systemd-rc-local-generator(8)
为了解决这个问题，我们需要手工添加一个 /etc/rc.local 文件：

cat <<EOF >/etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0
EOF

然后赋予权限：

chmod +x /etc/rc.local

接着启动 rc-local 服务：

systemctl enable --now rc-local

此时可能会弹出警告：

The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.

Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
instance name specified.
无视警告，因为这个服务没有任何依赖的系统服务，只是开机启动 /etc/rc.local 脚本而已。

systemctl status rc-local.service

再次查看状态：
root@debian ~ # systemctl status rc-local.service
● rc-local.service - /etc/rc.local Compatibility
Loaded: loaded (/lib/systemd/system/rc-local.service; enabled-runtime; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/rc-local.service.d
└─debian.conf
Active: active (exited) since Thu 2022-01-27 18:52:43 UTC; 10s ago
Docs: man:systemd-rc-local-generator(8)
Process: 541 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)
CPU: 3ms

Jan 27 18:52:43 debian systemd[1]: Starting /etc/rc.local Compatibility...
Jan 27 18:52:43 debian systemd[1]: Started /etc/rc.local Compatibility.

然后你就可以把需要开机启动的命令添加到 /etc/rc.local 文件，丢在 exit 0 前面即可，并尝试重启以后试试是否生效了.

这里欢迎所有热爱技术,互联网的同类人,大家一起学习进步