fail2ban notes
Modifying default settings
Edit file: /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 1h
findtime = 15m
Add ufw filter
Create file: /etc/fail2ban/filter.d/ufw.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = .*\[UFW BLOCK\] IN=.* SRC=<HOST>
Set up jails
Create file: /etc/fail2ban/jail.d/ssh.local
[sshd]
enabled = true
action = iptables-allports
         cloudflare
[ufw]
enabled = true
filter = ufw
logpath = /var/log/ufw.log
maxretry = 5
action = iptables-allports
         cloudflare
ignoreip = 127.0.0.1/8 ::1
[recidive]
enabled = true
filter = recidive
action = iptables-allports
         cloudflare
logpath = /var/log/fail2ban.log
maxretry = 5
findtime = 1d
bantime = 1d
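Added example (not part of the original notes and not fail2ban's own code): a Python model of how the [ufw] jail above turns matching log lines into bans, using the failregex, maxretry, findtime and ignoreip values from these notes. The <HOST> expansion is an IPv4-only stand-in, the log lines are constructed, and bans() and sample() are hypothetical names.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the real tag
# also covers IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(r".*\[UFW BLOCK\] IN=.* SRC=<HOST>".replace("<HOST>", HOST))
# Values taken from the [DEFAULT] and [ufw] sections of these notes.
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "::1")]
FINDTIME = timedelta(minutes=15)
MAXRETRY = 5

def bans(lines):
    """Return [(timestamp, ip)] for each ban this model of the jail issues."""
    seen, out = defaultdict(deque), []  # seen: ip -> recent match times
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in IGNOREIP):
            continue
        ts = datetime.fromisoformat(line[:19])
        hits = seen[ip]
        hits.append(ts)
        while ts - hits[0] > FINDTIME:  # drop matches older than findtime
            hits.popleft()
        if len(hits) >= MAXRETRY:
            out.append((ts, str(ip)))
            hits.clear()  # start counting again after the ban
    return out

def sample(ts, src, tag="UFW BLOCK"):
    # Constructed line modelled on UFW kernel log entries (ISO timestamp assumed).
    return (f"{ts} host kernel: [{tag}] IN=eth0 OUT= MAC=00:00 "
            f"SRC={src} DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=23")

# Constructed input: only the first source reaches 5 blocks within 15 minutes.
LOG = (
    [sample(f"2024-03-03T10:0{i}:00", "203.0.113.7") for i in range(5)]
    + [sample(f"2024-03-03T1{i}:00:00", "203.0.113.9") for i in range(5)]  # 1 h apart
    + [sample(f"2024-03-03T10:0{i}:30", "127.0.0.1") for i in range(5)]    # ignoreip
    + [sample(f"2024-03-03T10:0{i}:45", "203.0.113.8", "UFW ALLOW") for i in range(5)]
)

if __name__ == "__main__":
    print(bans(LOG))
```

To check the real filter against the real log, run fail2ban-regex /var/log/ufw.log /etc/fail2ban/filter.d/ufw.conf before enabling the jail.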
Cloudflare
Edit file: /etc/fail2ban/action.d/cloudflare.conf
Add the Cloudflare credentials accordingly:
cftoken = token
cfuser = email
Manual (un-)ban
sudo fail2ban-client set JAIL banip 1.2.3.4
Example for SSHD:
sudo fail2ban-client set sshd banip 1.2.3.4
To unban, change banip to unbanip in the above commands.