fail2ban is a script monitoring the network accesses thanks to server logs.

When fail2ban detects replicated authentication errors, it retaliates by banning the IP address thanks to IPtables.

It allows to avoid many brute-force and/or dictionary attacks.

Fail2Ban relies on a jail system that we can define, activate or deactivate in a simple configuration file (/etc/fail2ban/jail.conf).


The installation operates via the following command :


The configuration operates from the following file :

Level of details of logs (default 3)

Path towards the log file (Description of the actions taken by fail2ban)

The services to monitor are stored in jail.conf
It is advised to operate a copy called jail.local that will be automatically used instead of the example file for example.

Several global parameters :

List of the trusted IP address to ignore by Fail2ban

Time of ban in seconds

Authorized number of attempts for a connection before being banned

Destination email address of notifications

Action to take in case of positive detection (see in /etc/fail2ban/action.d/)

Each section has its own parameters that prevail over the global ones if they are mentioned :

Monitoring activated (true) or no (false)

See above

Concerned IP port

Log file to analyze to detect anomalies

Filter used for the log’s analyse

The default filters are stored in /etc/fail2ban/filter.d. Generally, they have a failregex instruction followed by a regular expression matching a detection of a false authentication.

For exemple for the Courier service :

Note : This one can be directly specified in jail.local to the appropriate section to take precedence over the filter directive.

Example of a configuration for a jail ssh :

You can also change the port if necessary :

Once the modifications operated, fail2ban must be restarted :

To list the banned IP addresses :

We can notice 3 blocked IP in the example below :


This commande allows to perform a large number of actions such as changing the loglevel, unbanning an IP, changing a regex, and all of it on the fly. Nonetheless the modifications can not be safeguarded if they are not added in the configuration files. In case of restart of the service or server, you can lose your manipulations. It remains a great tool to debug and perform a quick action.

Example of an IP débat without restart (it means keeping the rest of IP blocked) : ssh-iptables being the jail’s name


Categories: SystemTutorials

JN Community

Les Ressources, en particulier les tutoriaux, présupposent que l’Utilisateur qui décide de les mettre en œuvre dispose des connaissances, des compétences et de l’expérience nécessaire pour cette mise en œuvre. L’Utilisateur disposant d’une connaissance, compétence et/ou expérience limitée ou insuffisante doit absolument s’abstenir de mettre en œuvre les Ressources par lui-même. Jaguar Network décline toute responsabilité quant aux conséquences dommageables de la mise en œuvre des Ressources, notamment sur les infrastructures informatiques de l’Utilisateur, de ses commettants ou préposés ou de tout tiers. Il est précisé en tant que de besoin que toute intervention de Jaguar Network visant à réparer les dommages causés par la mise en œuvre des Ressources par un Utilisateur ne disposant pas des connaissances, compétences et/ou expériences suffisantes sera facturée et fera l’objet d’un devis préalable et d’un bon de commande aux conditions des contrats Jaguar Network en vigueur.

Related Posts


Shutdown and restart your Linux system

Vote On Linux system, there are a lot of commands to shutdown and reboot your system. This tutorial aims to detail some existing possibilities. Articles similaires


Installation of a web server LEMP (Linux, Nginx, MySQL, PHP)

Vote The installation of a server LEMP Linux + Nginx + MySQL + PHP might be more useful and efficient than an Apache (server LAMP). Articles similaires


Operating load-balancing with HAproxy

Vote HAproxy is a software allowing Load-Balancing between several web servers by allocating requests in an almost transparent way for the user. Articles similaires