In this article, I will provide an example of how to install and configure Fail2ban.
To install Fail2ban on Ubuntu:
sudo apt-get install fail2ban
After installation, edit the configuration files:
/etc/fail2ban/fail2ban.conf (main)
/etc/fail2ban/jail.conf (security settings for specific services)
/etc/fail2ban/jail.local (additional file that takes priority over jail.conf; use it to configure the protection of specific services, since jail.conf may be overwritten when the package is upgraded)
SSH protection is enabled by default after installation.
The configuration already contains many ready-made jails, for example for apache2, nginx, named, pure-ftpd, proftpd, postfix, etc., which can be activated by setting the jail's "enabled" option to "true" instead of "false".
You can also specify IP addresses that must never be blocked, for example local networks:
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
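To check what a jail.local actually changes, the following added example (not part of the original article and not Fail2ban's own code) merges a constructed jail.conf and jail.local in priority order, lists the jails that end up enabled, and tests whether an address is covered by ignoreip. The function names are hypothetical, and the sketch assumes plain INI files: jail.d fragments and "%(...)s" interpolation are not modelled.

```python
import configparser
import ipaddress

# Constructed samples standing in for jail.conf and jail.local (not package defaults).
JAIL_CONF = """
[DEFAULT]
ignoreip = 127.0.0.1/8
enabled = false
[sshd]
enabled = true
[postfix]
[proftpd]
"""
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
[postfix]
enabled = true
"""

def effective_config(*texts):
    """Merge files in order; a later file overrides earlier ones per option."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in texts:
        cp.read_string(text)
    return cp

def enabled_jails(cp):
    """Jails whose effective 'enabled' is true ([DEFAULT] values are inherited)."""
    return sorted(s for s in cp.sections()
                  if cp.getboolean(s, "enabled", fallback=False))

def is_ignored(cp, jail, ip):
    """True if ip falls inside an ignoreip entry that applies to the jail."""
    addr = ipaddress.ip_address(ip)
    for entry in cp.get(jail, "ignoreip", fallback="").replace(",", " ").split():
        try:
            # strict=False accepts host bits set, as in 127.0.0.1/8
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # DNS names are not resolved in this sketch
        if addr in net:
            return True
    return False

if __name__ == "__main__":
    cfg = effective_config(JAIL_CONF, JAIL_LOCAL)
    print("enabled jails:", enabled_jails(cfg))
    print({ip: is_ignored(cfg, "sshd", ip) for ip in ("10.20.30.40", "172.32.0.1")})
```

Every address inside an ignoreip range is exempt from banning in all jails that inherit it, so a compromised host on one of those networks can guess passwords without being blocked; keep the list as narrow as the environment allows.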
The filters that detect unsuccessful password attempts and other unwanted actions are in the /etc/fail2ban/filter.d directory and are referenced from the configuration files /etc/fail2ban/jail.conf and /etc/fail2ban/jail.local. The response rules (actions) are in /etc/fail2ban/action.d.
Logs are normally written to /var/log/fail2ban.log
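Viewing the rules in iptables (the chains are named fail2ban-<jail> in older versions and f2b-<jail> since Fail2ban 0.9):
sudo iptables -S | grep -E 'f2b|fail2ban'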
View status:
sudo fail2ban-client status
sudo fail2ban-client status sshd
sudo fail2ban-client status roundcube
sudo fail2ban-client status postfix
sudo fail2ban-client status dovecot
sudo fail2ban-client status proftpd
To restart fail2ban, you need to type:
sudo service fail2ban restart
An example of unblocking an IP address in the sshd jail (replace "IP" with the address; alternatively, you can manually delete the rule in iptables):
sudo fail2ban-client set sshd unbanip "IP"
An example of unblocking all IP addresses:
sudo fail2ban-client unban --all