fail2ban

Updated: September 28, 2024

Integrates with iptables or ufw firewalls to enforce bans on suspect IP addresses.



INSTALL

DEBIAN (UBUNTU, RASPBIAN, POPOS)

sudo apt install fail2ban

Fedora

sudo dnf install fail2ban

Manjaro (Arch)

sudo pacman -Sy fail2ban

CONFIG

The default Fail2ban configuration file (jail.conf) gets overwritten on upgrade, so it is best not to save changes directly to it. To make our changes persist across upgrades, we will copy it to jail.local.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

/etc/fail2ban/jail.local

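# set inside a jail's section (for example [sshd]) to put that jail into effect
# keep comments on their own line; fail2ban does not treat "#" as an inline comment
enabled = true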

ENABLE FAIL2BAN

sudo systemctl enable fail2ban				# starts fail2ban automatically at boot
sudo systemctl start fail2ban				# starts fail2ban now
sudo systemctl status fail2ban.service		# checks status to make sure it is running

We can ask the client itself which jails are enabled:

sudo fail2ban-client status

We can take a deeper look by naming a specific jail:

sudo fail2ban-client status sshd

PAROLE

We can unban an IP (parole it early). Useful if you lock yourself out.

sudo iptables -L	# find the REJECTED IP
sudo fail2ban-client set sshd unbanip 192.168.69.23
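
The jail status shown earlier also lists the banned addresses, so the parole step can confirm an IP is really banned in that jail before unbanning it. The script below is an added example, not part of the original page: the function names banned_ips, is_banned and parole are hypothetical, and SAMPLE_STATUS is constructed sample output, not captured from a real host.

```shell
#!/usr/bin/env bash
# Added example: confirm an address is banned in a jail before paroling it.

# Constructed sample of `fail2ban-client status sshd` output.
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     7
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     3
   `- Banned IP list:   192.168.69.23 203.0.113.7'

# Print the banned addresses found in status text on stdin, one per line.
# An empty ban list prints nothing.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Exit 0 only if $1 is a whole entry in the ban list read from stdin.
# -F -x compares fixed strings line by line, so 192.168.69.2 does not
# match 192.168.69.23.
is_banned() {
    banned_ips | grep -Fxq -- "$1"
}

# Unban $2 from jail $1, but only when that jail currently lists it.
# Returns 2 if the jail cannot be queried, 1 if the IP is not banned there.
parole() {
    local jail=$1 ip=$2 status
    status=$(sudo fail2ban-client status "$jail") || return 2
    if printf '%s\n' "$status" | is_banned "$ip"; then
        sudo fail2ban-client set "$jail" unbanip "$ip"
    else
        echo "$ip is not banned in jail $jail" >&2
        return 1
    fi
}
```

After sourcing the file, `parole sshd 192.168.69.23` performs the unban only when the jail reports that address as banned.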