Back to tools
Configuration parameters
- enabled: Enable or disable the jail
- port: Ports to protect (comma separated)
- protocol: Protocol (tcp, udp, any)
- filter: Fail2Ban filter to use
- logpath: Path to the log file to monitor
- maxretry: Number of failed attempts before banning
- findtime: Time window to count attempts (seconds)
- bantime: Initial ban time (seconds)
- bantime.increment: Progressively increase ban time
- ignoreip: IPs that will never be banned
Example jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
findtime = 600
bantime = 3600
Frequently Asked Questions
How to install and configure Fail2Ban to protect SSH on Linux?
Install Fail2Ban with `apt install fail2ban` (Debian/Ubuntu) or `yum install fail2ban` (CentOS/RHEL). The main configuration file is `/etc/fail2ban/jail.conf` but should not be edited directly. Create `/etc/fail2ban/jail.local` with `[sshd] enabled = true port = ssh logpath = %(sshd_log)s maxretry = 5 bantime = 3600 findtime = 600`. Restart with `systemctl restart fail2ban` and verify with `fail2ban-client status sshd`.
What are the recommended bantime, maxretry and findtime values for Fail2Ban?
Recommended Fail2Ban values depend on the service and exposure. For SSH: `maxretry = 5` (failed attempts before banning), `findtime = 600` (time window in seconds, 10 minutes), `bantime = 3600` (ban duration, 1 hour). For Internet-facing services use stricter values: `maxretry = 3`, `bantime = 86400` (24h). Fail2Ban supports `bantime.increment = true` which doubles ban time on each repeat offense.
How to configure Fail2Ban to protect Nginx against brute force attacks?
Fail2Ban includes predefined jails for Nginx. Enable them in `jail.local`: `[nginx-http-auth] enabled = true port = http,https filter = nginx-http-auth logpath = /var/log/nginx/error.log maxretry = 5 bantime = 3600`. To protect against malicious bots add `[nginx-badbots] enabled = true`. For rate limiting: `[nginx-limit-req] enabled = true`. Each jail uses specific filters in `/etc/fail2ban/filter.d/`.
How to configure Fail2Ban to protect Postfix and Dovecot on mail servers?
In `/etc/fail2ban/jail.local` add: `[postfix] enabled = true port = smtp,submission logpath = /var/log/mail.log maxretry = 3 bantime = 86400` and `[dovecot] enabled = true port = imap,imaps,pop3,pop3s logpath = /var/log/mail.log maxretry = 3 bantime = 86400`. The filters detect failed SMTP (AUTH LOGIN/PLAIN) and IMAP/POP3 authentication attempts. Monitor with `fail2ban-client status postfix` and `fail2ban-client status dovecot`.
Related Tools
Scrypt Hash
Generate Scrypt hashes with configurable N, r and p parameters for secure key derivation.
Blowfish Cipher
Encrypt and decrypt text with Blowfish cipher in CBC mode.
JWE Decoder
Decode and analyze JWE (JSON Web Encryption) tokens showing their parts.
Secure Tweet Encryptor
Encrypt messages in blocks for secure sharing on social media.