Navigation

Howto protect Linux server - Quick install fail2ban

Install fail2ban:

apt-get install fail2ban

Copy configuration file to right place:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit configuration file

[DEFAULT]
...
bantime  = 600 # = 10min (bigger = better)
...
banaction = iptables-allports


[ssh]
enabled  = true

[ssh-ddos]
enabled  = true

Restart service:

service fail2ban restart

Check iptables:

iptables -L -n

Log file:

cat /var/log/fail2ban.log

Unban IP:

# Check jail-name and ipaddress
iptables -L -n

# Get list of Jails
fail2ban-client status

# Unban IP adress
fail2ban-client get <jail-name> actionunban <ipaddress>

# Example:
fail2ban-client set ssh unbanip 192.168.1.24

# Unban - remove rule by iptables (reject-with icmp-port-unreachable)
iptables -D fail2ban-ssh -s 192.168.1.24 -j REJECT

.