ubuntu:fail2ban:configure_fail2ban
Table of Contents
Ubuntu - Fail2Ban - Configure Fail2Ban
Default fail2ban Configuration
The default configuration is defined in /etc/fail2ban/jail.conf.
Here are salient lines from the default configuration:
- /etc/fail2ban/jail.conf
# line 87 : ignore your own local IP #ignoreself = true # line 92 : possible to add ignored networks #ignoreip = 127.0.0.1/8 ::1 # line 101 : number of seconds that a host is banned # - 1m ⇒ 1 minutes # - 1h ⇒ 1 houer # - 1d ⇒ 1 day # - 1mo ⇒ 1 month # - 1y ⇒ 1 year bantime = 10m # line 105 : A host is banned if it has generated "maxretry" during the last "findtime" findtime = 10m # line 108 : "maxretry" is the number of failures before a host get banned maxretry = 5 # line 178 : destination email address if enabling email notification destemail = root@localhost # line 181 : sender address if enabling email notification sender = root@<fq-hostname> # line 263 : default action # - %(action_)s ⇒ ban only # - %(action_mw)s ⇒ band and email notification (includes Whois info) # - %(action_mwl)s ⇒ band and email notification (includes Whois info and logs) action = %(action_)s
WARNING: The default values may change with package updates, so if you want to change the settings, create a jail.local file and modify it.
Override the default values
As root, create a /etc/fail2ban/jail.local file.
- /etc/fail2ban/jail.local
[DEFAULT] ignoreip = 127.0.0.1/8 ::1 bantime = 1d findtime = 5m maxretry = 5 destemail = root@localhost sender = root@mediaserver
Restart Fail2Ban
sudo systemctl restart fail2ban
ubuntu/fail2ban/configure_fail2ban.txt · Last modified: 2025/05/30 20:57 by peter