Ban Malicious IP Addresses
The fail2ban service automatically monitors log files for suspicious activity (like failed login attempts) and bans IP addresses that show malicious behavior by adding firewall rules to block them.
Think of fail2ban as an automated security guard that watches your doors (services) and remembers troublemakers. If someone tries to break in too many times (failed SSH logins, web attacks), the guard permanently or temporarily bans them from the building. IT professionals use it to prevent brute force attacks, block malicious bots, protect web services, defend SSH access, and reduce server load from attackers.
Stop attackers from repeatedly trying passwords on SSH or other services.
Block IPs attacking Apache, Nginx, or trying to exploit vulnerabilities.
Instantly respond to attacks without manual intervention 24/7.
Track which IPs are attacking and identify security trends.
sudo fail2ban-client status
Show all active jails and their status.
Requires admin privileges - Password: admin123
sudo fail2ban-client status sshd
View detailed status of SSH jail including banned IPs.
sudo fail2ban-client set sshd banip 192.168.1.100
Manually ban an IP address from SSH access.
sudo fail2ban-client set sshd unbanip 192.168.1.100
Unban an IP address that was previously blocked.
sudo systemctl status fail2ban
Check if fail2ban service is running properly.
sudo systemctl start fail2ban
Start the fail2ban protection service.
sudo systemctl restart fail2ban
Restart fail2ban (needed after config changes).
sudo fail2ban-client status apache-auth
Check Apache authentication jail for banned IPs.
Always whitelist your own IP addresses! Add trusted IPs to the ignore list to prevent accidentally locking yourself out of your server.
Monitor false positives: Legitimate users might get banned if they mistype passwords. Regularly check banned IPs and unban as needed.
Configure appropriate ban times: Use permanent bans for known attackers but temporary bans (10-60 minutes) for potential false positives.
Don't rely on fail2ban alone - combine it with strong passwords, SSH keys, and other security measures.
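To see how the ignore list, the retry threshold and the ban time interact, here is an added example (a simplified model written for this page, not fail2ban's own code) that replays constructed SSH log lines through the same kind of decision fail2ban makes. The parameter names follow fail2ban's jail settings maxretry, findtime, bantime and ignoreip; the log lines, host name and addresses are made up.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:00+00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
2024-05-01T10:00:05+00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4243 ssh2
2024-05-01T10:00:09+00:00 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4244 ssh2
2024-05-01T10:01:00+00:00 web1 sshd[812]: Failed password for alice from 198.51.100.20 port 5000 ssh2
2024-05-01T10:06:00+00:00 web1 sshd[812]: Failed password for alice from 198.51.100.20 port 5001 ssh2
2024-05-01T10:20:00+00:00 web1 sshd[812]: Failed password for alice from 198.51.100.20 port 5002 ssh2
2024-05-01T10:30:00+00:00 web1 sshd[813]: Failed password for ops from 192.0.2.10 port 6000 ssh2
2024-05-01T10:30:10+00:00 web1 sshd[813]: Failed password for ops from 192.0.2.10 port 6001 ssh2
2024-05-01T10:30:20+00:00 web1 sshd[813]: Failed password for ops from 192.0.2.10 port 6002 ssh2
"""
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log, maxretry=3, findtime=600, bantime=600, ignoreip=()):
    """Return [(ip, banned_at, unban_at)]; unban_at is None for a permanent ban (bantime < 0)."""
    trusted = [ipaddress.ip_network(net) for net in ignoreip]
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the findtime window
    active = {}                  # ip -> unban time (None = never)
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in trusted):
            continue  # ignore list: trusted sources are never counted
        if ip in active and (active[ip] is None or ts < active[ip]):
            continue  # still banned
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()  # failure is older than findtime, forget it
        if len(window) >= maxretry:
            active[ip] = None if bantime < 0 else ts + timedelta(seconds=bantime)
            bans.append((ip, ts, active[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, at, until in simulate(SAMPLE_LOG, ignoreip=("192.0.2.0/28",)):
        print(f"ban {ip} at {at.isoformat()} until {until.isoformat() if until else 'permanent'}")
```

Calling `simulate(SAMPLE_LOG)` with an empty ignore list also bans the administrator's own address 192.0.2.10, and lowering `maxretry` to 2 bans the user who merely mistyped a password twice within ten minutes.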
Practice fail2ban commands in the interactive terminal below: