Всем большое спасибо. Я подзагнался сделать это правильно (наверное).
root@mail:~# cat /etc/fail2ban/filter.d/chinabots.conf | head
# fail2ban filter: each failregex line flags a GET request for a path that
# automated scanners commonly probe (WebDAV, xmlrpc.php, FCKeditor, CFIDE).
# Only the first lines of the file are shown here (output of `head`).
#
# NOTE(review): the continuation lines appear at column 0 in this paste;
# fail2ban only treats them as part of failregex when they are indented, so the
# leading whitespace was presumably lost when the output was copied.
#
# NOTE(review): no pattern is anchored with ^, so the match is not pinned to
# the first field of the log line. With nginx's default log format the client
# address comes first and <HOST> will normally resolve to the requester, but
# with a custom log_format <HOST> could match host-like text elsewhere in the
# line. Anchoring each pattern (^<HOST> ...) removes that dependence; verify
# with fail2ban-regex against a sample of access.log.
#
# Only GET is matched (other methods to the same paths are not), and the
# unescaped "." in the file names matches any character.
[Definition]
failregex = <HOST> .*GET /webdav/
<HOST> .*GET /xmlrpc.php
<HOST> .*GET /Administrator/FCKeditor/fckeditor.js
<HOST> .*GET /Administrator/fckeditor/fckeditor.js
<HOST> .*GET /CFIDE/administrator/
<HOST> .*GET /FCKEditorV2/fckeditor.js
<HOST> .*GET /FCKeditor/fckeditor.js
<HOST> .*GET /Fckeditor/fckeditor.js
<HOST> .*GET /Fckeditornew/fckeditor.js
root@mail:~# cat /etc/fail2ban/filter.d/testproxy.conf
# fail2ban filter: flags any log line in which a host is followed, anywhere
# later in the line, by the literal text CONNECT.
#
# NOTE(review): ".*CONNECT" is not limited to the request method. It also
# matches CONNECT inside a URL path, Referer or User-Agent, so an ordinary
# request can trigger it; the testproxy jail in web.local uses maxretry = 1,
# which means one such line results in a ban.
# A tighter pattern anchors at line start and pins the method to the start of
# the quoted request, e.g.  ^<HOST> -.*"CONNECT
# (assumes nginx's default combined log format — confirm with fail2ban-regex).
[Definition]
failregex = <HOST> .*CONNECT
root@mail:~# cat /etc/fail2ban/jail.d/web.local
# Local jail overrides for the web server. Three jails are enabled, all limited
# to the http and https ports. bantime values without a suffix are seconds.
# NOTE(review): "enabled = true" is written twice in every section; the second
# occurrence is redundant and can be dropped.

# Failed HTTP basic-auth attempts, read from the nginx error log.
# Ban after 3 matches for 86400 s (24 h).
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log
enabled = true
maxretry = 3
bantime = 86400

# Scanner-path probes matched by filter.d/chinabots.conf in the access log.
# maxretry = 1: a single matching line bans the host for 100500 s (~27.9 h),
# so any false positive in the filter immediately locks a client out.
[chinabots]
enabled = true
filter = chinabots
port = http,https
logpath = /var/log/nginx/access.log
enabled = true
maxretry = 1
bantime = 100500

# CONNECT lines matched by filter.d/testproxy.conf in the access log.
# maxretry = 1: a single matching line bans the host for 200500 s (~55.7 h).
# NOTE(review): consider an ignoreip entry for trusted/admin addresses, since
# both access-log jails ban on the first hit.
[testproxy]
enabled = true
filter = testproxy
port = http,https
logpath = /var/log/nginx/access.log
enabled = true
maxretry = 1
bantime = 200500
В iptables это выглядит так:
пампампам
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
пампарарарам
-A INPUT -j DROP
-A fail2ban-chinabots -j RETURN
-A fail2ban-dovecot -s 176.59.85.4/32 -j DROP
-A fail2ban-dovecot -j RETURN
-A fail2ban-nginx-http-auth -j RETURN
-A fail2ban-postfix -j RETURN
-A fail2ban-roundcube -j RETURN
-A fail2ban-testproxy -s 104.148.71.26/32 -j DROP
-A fail2ban-testproxy -s 104.148.71.34/32 -j DROP
-A fail2ban-testproxy -j RETURN
root@mail:~# fail2ban-client status testproxy
Status for the jail: testproxy
|- filter
| |- File list: /var/log/nginx/access.log
| |- Currently failed: 0
| `- Total failed: 2
`- action
|- Currently banned: 2
| `- IP list: 104.148.71.34 104.148.71.26
`- Total banned: 2