优化Fail2ban服务启动逻辑,优先重载配置以保留已封禁IP

This commit is contained in:
eddy
2026-06-29 03:03:55 +08:00
parent c3aa036911
commit ee9124ffff
+12 -3
View File
@@ -756,9 +756,18 @@ bantime = 1h
findtime = 10m
EOF
# 重启Fail2ban
log "${YELLOW}重启Fail2ban服务...${NC}"
systemctl restart fail2ban 2>/dev/null || systemctl start fail2ban 2>/dev/null || log "${RED}Fail2ban服务启动失败${NC}"
# 应用配置:已运行则优先 reload(不中断防护、保留已封禁IP),未运行才 start
if systemctl is-active --quiet fail2ban; then
log "${YELLOW}Fail2ban正在运行,重载配置(保留已封禁IP)...${NC}"
systemctl reload fail2ban 2>/dev/null \
|| systemctl restart fail2ban 2>/dev/null \
|| log "${RED}Fail2ban配置重载失败${NC}"
else
log "${YELLOW}启动Fail2ban服务...${NC}"
systemctl start fail2ban 2>/dev/null \
|| systemctl restart fail2ban 2>/dev/null \
|| log "${RED}Fail2ban服务启动失败${NC}"
fi
# 等待服务启动完成
log "${YELLOW}等待Fail2ban服务完全启动...${NC}"