...
For cloud tenants in the European Weather Cloud (EWC), Fail2ban comes preconfigured on virtual machine (VM) images, so your application is protected from malicious attempts right from the start. In EWC, an IP address is banned after 5 consecutive failed attempts (maxretry = 5), and the ban is lifted after an hour (bantime = 1h).
Reviewing Banned IPs
Check Fail2ban Status
To get an overview of Fail2ban, including active jails (e.g., SSH):
...
```
sudo fail2ban-client status sshd
```
Managing Banned IPs
Unban an IP Address
If a legitimate IP is banned by mistake, you can manually unban it:
...
```
sudo systemctl restart fail2ban
```
Whitelisting IPs
Fail2ban allows you to whitelist trusted IP addresses, which will never be banned, even if they trigger alerts. This is particularly useful for known IPs, such as those used by employees or internal services.
...
This command will whitelist all IPs in the range 203.0.113.0 to 203.0.113.255.
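The helper below is an added example, not part of the original EWC page: it reads the output of `sudo fail2ban-client status sshd` and reports any banned address that falls inside a trusted range, which is how you would spot a legitimate IP banned by mistake. It assumes the range above is written as 203.0.113.0/24; the function names and the sample status output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report banned addresses that sit inside a trusted range.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; fails on anything else (e.g. IPv6).
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    i2i_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds only digits and dots
    IFS=$i2i_ifs
    [ $# -eq 4 ] || return 1
    for i2i_o in "$@"; do
        case "$i2i_o" in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$i2i_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NETWORK/PREFIX -> exit status 0 when IP lies inside the network.
in_cidr() {
    ic_ip=$(ip_to_int "$1") || return 1
    ic_net=$(ip_to_int "${2%/*}") || return 1
    ic_len=${2#*/}
    case "$ic_len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$ic_len" -le 32 ] || return 1
    ic_mask=$(( (0xFFFFFFFF << (32 - ic_len)) & 0xFFFFFFFF ))
    [ $(( ic_ip & ic_mask )) -eq $(( ic_net & ic_mask )) ]
}

# banned_ips < status-output -> one banned address per line.
banned_ips() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# trusted_bans CIDR < status-output -> banned addresses that lie inside CIDR.
trusted_bans() {
    banned_ips | while read -r tb_ip; do
        if in_cidr "$tb_ip" "$1"; then echo "$tb_ip"; fi
    done
}

# Constructed sample of `fail2ban-client status sshd` output (documentation-range addresses).
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 3
   `- Banned IP list:   198.51.100.7 203.0.113.45 192.0.2.200'

# Live use: sudo fail2ban-client status sshd | trusted_bans 203.0.113.0/24
printf '%s\n' "$SAMPLE_STATUS" | trusted_bans 203.0.113.0/24
```

Any address it prints is both banned and inside the trusted range, so it is a candidate for unbanning and for the whitelist.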
Firewall Configuration for Fail2ban on User VMs
In the European Weather Cloud (EWC), Fail2ban requires a firewall to be installed and properly configured on your virtual machines (VMs). Depending on the operating system of your VM, this will typically involve using UFW (for Ubuntu) or firewalld (for CentOS/Rocky Linux). Ensure that the necessary ports are open for Fail2ban to manage IP bans effectively.
...
Start and enable firewalld:
```
sudo systemctl start firewalld
sudo systemctl enable firewalld
```
Allow necessary ports (e.g., SSH):
```
sudo firewall-cmd --permanent --add-service=ssh
```
Reload firewalld to apply changes:
```
sudo firewall-cmd --reload
```
Creating Another Jail (Optional)
If you need to protect additional services besides SSH, you can create new jails in the Fail2ban configuration. For example, to create a jail for Apache, follow these steps:
...