...

Check Fail2ban Status
To get an overview of Fail2ban, including active jails (e.g., SSH):

Code Block
 sudo fail2ban-client status

...

Check the IPs Banned by a Specific Jail (e.g., SSH)
To see which IPs are banned under a specific jail like SSH:

Code Block
 sudo fail2ban-client status sshd

...

Unban an IP Address
If a legitimate IP is banned by mistake, you can manually unban it:

Code Block
 sudo fail2ban-client unban <IP_ADDRESS>


Restart Fail2ban to apply the changes:

Code Block
 sudo systemctl restart fail2ban

Whitelisting IPs

Fail2ban allows you to whitelist trusted IP addresses, which are then never banned even when their activity matches a jail's filter. This is particularly useful for known IPs, such as those used by employees or internal services.

...

  1. Open the configuration file for the jail you want to modify (for example, SSH):

    Code Block
     sudo nano /etc/fail2ban/jail.local


  2. Find the jail configuration (e.g., [sshd]), and add the IPs you wish to whitelist under ignoreip. You can list multiple IPs separated by spaces:

    Code Block
     [sshd]
     ignoreip = 192.168.1.1 203.0.113.50


  3. Restart Fail2ban to apply the changes:

    Code Block
     sudo systemctl restart fail2ban
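
The following is an added example, not part of the original page: it cross-checks the banned list printed by `fail2ban-client status sshd` against a jail's `ignoreip` entries, so a trusted address that is already banned can be found and unbanned as described above. The sample status output, the sample `jail.local` text and the function names are constructed for illustration.

```python
import configparser
import ipaddress
import re

# Constructed sample of `fail2ban-client status sshd` output (not from a real host).
SAMPLE_STATUS = """\
Status for the jail: sshd
|- Filter
|  |- Currently failed:\t1
|  |- Total failed:\t42
|  `- File list:\t/var/log/auth.log
`- Actions
   |- Currently banned:\t3
   |- Total banned:\t7
   `- Banned IP list:\t198.51.100.23 203.0.113.50 10.20.30.40
"""

# Constructed jail.local: the [sshd] ignoreip replaces the [DEFAULT] one for that jail.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1

[sshd]
ignoreip = 192.168.1.1 203.0.113.50 10.20.0.0/16, vpn.example.org
"""

def banned_ips(status_text):
    """Return the addresses on the 'Banned IP list:' line of the status output."""
    m = re.search(r"Banned IP list:[ \t]*(.*)", status_text)
    return [ipaddress.ip_address(tok) for tok in m.group(1).split()] if m else []

def ignore_networks(jail_local_text, jail):
    """Return a jail's ignoreip entries as networks; DNS names are skipped."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(jail_local_text)
    nets = []
    for tok in re.split(r"[\s,]+", cfg.get(jail, "ignoreip", fallback="")):
        try:
            nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            pass  # hostname or empty token: not resolved in this example
    return nets

def banned_but_ignored(status_text, jail_local_text, jail):
    """Banned addresses that fall inside the jail's ignoreip entries."""
    nets = ignore_networks(jail_local_text, jail)
    return [str(ip) for ip in banned_ips(status_text) if any(ip in n for n in nets)]
```

Each address returned by `banned_but_ignored(SAMPLE_STATUS, SAMPLE_JAIL_LOCAL, "sshd")` is a candidate for `sudo fail2ban-client unban <IP_ADDRESS>`.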


...

  1. Enable UFW if it’s not already enabled:

    Code Block
     sudo ufw enable


  2. Allow necessary ports (e.g., SSH):

    Code Block
     sudo ufw allow ssh


  3. Reload UFW to apply changes:

    Code Block
     sudo ufw reload


...

  1. Start and enable firewalld:

    Code Block
     sudo systemctl start firewalld
     sudo systemctl enable firewalld


  2. Allow necessary ports (e.g., SSH):

    Code Block
     sudo firewall-cmd --permanent --add-service=ssh


  3. Reload firewalld to apply changes:

    Code Block
     sudo firewall-cmd --reload


...

  1. Open Fail2ban Configuration:

    Code Block
    sudo nano /etc/fail2ban/jail.local

  2. Add a New Jail Section:
    In the configuration file, add a new section for the service you wish to protect. For example, to add an Apache jail:

    Code Block
    [apache]
    enabled = true
    port = http,https
    filter = apache-auth
    logpath = /var/log/apache2/*error.log
    maxretry = 5
    bantime = 1h

  3. Restart Fail2ban to apply the changes:

    Code Block
     sudo systemctl restart fail2ban