Fail2ban Intrusion Prevention
Monitor logs and automatically ban IPs showing malicious signs with Fail2ban for Linux servers.
Overview
The tool works by parsing log files (syslog, auth.log, nginx/Apache access logs) using configurable regex filters. When a filter matches a defined number of times within a time window, Fail2ban executes a ban action — typically adding an iptables or nftables rule to block the offending IP. Bans are temporary by default, with configurable ban durations and exponential backoff for repeat offenders.
Fail2ban comes with pre-configured filters for common services (sshd, nginx, apache, postfix, dovecot) and can be extended with custom filters for application-specific log formats. Actions can go beyond firewall rules to include email notifications, Slack alerts, or API calls to update external blocklists. The fail2ban-client CLI provides real-time monitoring of banned IPs, jail status, and manual ban/unban operations.
Who Is This For?
- Block SSH brute force attempts automatically
- Protect Nginx/Apache from repeated failed login attempts
- Set up custom jail for application-specific attack patterns
- Configure email alerts for banned IP addresses
Installation
sudo apt install fail2ban Configuration
# /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600
[nginx-http-auth]
enabled = true
port = http,https
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 5
bantime = 7200 Explore AI Tools
Discover the best AI tools that complement your skills
Read AI & Design Articles
Tips and trends in the world of design and AI
Related Servers
Snyk Security Scan
Detect vulnerabilities in your dependencies and application code. Get actionable remediation advice and automatic fix pull requests.
SonarQube Code Quality
Run continuous code quality and security analysis to catch bugs, code smells, and vulnerabilities before they reach production.
OWASP ZAP Security Testing
Perform automated web application security testing to find common vulnerabilities like XSS, injection flaws, and misconfigurations.