1. Intro

This is a quick and dirty fail2ban setup for Ubuntu, intended to be used as a quick note.

I won't go into details here, as those are mostly covered in the Fail2ban howto for CentOS, Fail2ban with CentOS 6.

 

 

2. The guide

Install fail2ban.

# apt install fail2ban

 

 

2.1. Configure fail2ban

Copy jail.conf to jail.local and make our changes there, touching only the settings we want to change.

# cd /etc/fail2ban
# cp jail.conf jail.local
# nano jail.local

 

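We'll ignore connections from our own network, as we don't want to get locked out while poking about on our own servers from the main workstation (192.168.0.100). The ignoreip line in [DEFAULT] below whitelists the whole 192.168.0.0/24 subnet; the commented-out line in [sshd] would whitelist only the workstation.

We're adding port 522 in addition to the default ssh port 22, as it could be used for some of the externally exposed servers.

Below are the contents of jail.local.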

 

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 192.168.0.0/24

[sshd]
enabled = true
port    = ssh,522
#ignoreip = 192.168.0.100

 

Restart the fail2ban daemon and we're good to go.

# systemctl restart fail2ban

 

 

2.2. Unlock a banned client

# fail2ban-client set sshd unbanip 192.168.0.100

 

 

2.3. Check the fail2ban status for the sshd jail

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 6
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 1
`- Banned IP list:

 

 

2.4. List banned IP addresses

If the IP address you just unbanned is not listed in the output below, it means the IP isn't banned anymore.

# fail2ban-client set sshd unbanip 192.168.0.100

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 7
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: xxx.yyy.zzz.nnn
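
The check described above can be scripted instead of read by eye. This is an added example, not part of the original note or of fail2ban itself: the helper names banned_ips, is_banned and jail_counter are hypothetical, and the sample status report is constructed with documentation addresses. Addresses are matched exactly, so 203.0.113.10 is not mistaken for 203.0.113.100.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of fail2ban.
# Live use: fail2ban-client status sshd | is_banned 192.168.0.100

# Print each address from the "Banned IP list:" line, one per line.
# The status report is read from stdin.
banned_ips() {
    awk -F'Banned IP list:' 'NF > 1 {
        n = split($2, a, /[ \t]+/)
        for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
    }'
}

# Exit 0 if address $1 is in the banned list. -x -F makes the match
# whole-line and literal, so 203.0.113.10 does not match 203.0.113.100.
is_banned() {
    banned_ips | grep -qxF -- "$1"
}

# Print a numeric counter such as "Currently banned" or "Total failed".
jail_counter() {
    awk -F: -v key="$1" 'index($1, key) { gsub(/[^0-9]/, "", $2); print $2; exit }'
}

# Constructed sample report in the layout shown above (documentation addresses).
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 7
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 2
|- Total banned: 3
`- Banned IP list: 203.0.113.100 198.51.100.7'

# Demo: the second address is a prefix of the first and must not match.
for ip in 203.0.113.100 203.0.113.10; do
    if printf '%s\n' "$SAMPLE_STATUS" | is_banned "$ip"; then
        echo "$ip: still banned"
    else
        echo "$ip: not banned"
    fi
done
```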

 

 

2.5. Unbanning IP address from all jails

Note that you don't specify a particular jail with this command, i.e. there is no "set sshd".

# fail2ban-client unban xxx.yyy.zzz.nnn

 

 

3. Sources

https://serverfault.com/questions/841183/how-to-show-all-banned-ip-with-fail2ban

https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

https://linuxize.com/post/install-configure-fail2ban-on-ubuntu-20-04/

https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04

https://linuxhint.com/unban-ip-fail2ban/