- quickstart
- get status
- get status by service
- get list of banned ips
- enable a service jail
- verify maxretry unit
- verify regex
- whitelist
- ban ssh through iptables
apt install fail2banfail2ban-client statusfail2ban-client status SERVICEfail2ban-client get SERVICE banned- edit the file in
jail.dand insert some service ( list in/etc/fail2ban/jail.conf), ie
[apache-auth]
enabled = true
fail2ban-client --str2sec 1mgives 60 ( sec ) for the input 1m
fail2ban-regex /var/log/auth.log sshdin the following example the ip 10.10.1.33 is whitelisted
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 10.10.1.33/32
in the file in the jail.d folder
[sshd]
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]