Fail2Ban Reference & Useful Commands
Category: All About Ubuntu
Last Updated: May 11, 2025
Applies To: Ubuntu Server 22.04+
Fail2Ban Jail Configuration
Fail2Ban jails control how long an IP remains banned after matching filters. To increase ban duration (e.g., to 48 hours):
Configuration File
sudo nano /etc/fail2ban/jail.local
Example Jail Settings for SSH and UFW Block:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
bantime = 172800
findtime = 600
maxretry = 3
[ufw-block]
enabled = true
filter = ufw-block
logpath = /var/log/ufw.log
bantime = 172800
findtime = 600
maxretry = 3
✅ bantime is in seconds → 172800 equals 48 hours
✅ findtime is the window (in seconds) to detect repeated offenses
✅ maxretry is the number of failed attempts before banning
After changes:
sudo systemctl restart fail2ban
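How findtime, maxretry, bantime and an ignoreip exemption interact, shown as an added example that is not part of the original page and is not Fail2Ban's own code: it replays constructed auth.log lines through a simplified sliding-window model. The exempt networks, the log lines, the regex (a stand-in for the sshd filter) and the assumed year are illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail above (172800 s, 600 s, 3 attempts).
BANTIME, FINDTIME, MAXRETRY = timedelta(seconds=172800), timedelta(seconds=600), 3
# Constructed exemption list standing in for an ignoreip setting.
IGNOREIP = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed auth.log lines (documentation-range addresses); regex is simplified.
SAMPLE_LOG = """\
May 11 10:00:01 srv sshd[901]: Failed password for root from 203.0.113.5 port 40001 ssh2
May 11 10:03:10 srv sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
May 11 10:04:00 srv sshd[903]: Failed password for root from 198.51.100.7 port 40100 ssh2
May 11 10:09:59 srv sshd[904]: Failed password for root from 203.0.113.5 port 40003 ssh2
May 11 10:12:00 srv sshd[905]: Failed password for root from 198.51.100.7 port 40101 ssh2
May 11 10:20:00 srv sshd[906]: Failed password for root from 198.51.100.7 port 40102 ssh2
May 11 10:21:00 srv sshd[907]: Failed password for root from 192.0.2.10 port 40200 ssh2
May 11 10:21:05 srv sshd[908]: Failed password for root from 192.0.2.10 port 40201 ssh2
May 11 10:21:09 srv sshd[909]: Failed password for root from 192.0.2.10 port 40202 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\S+) port \d+")

def simulate(log, year=2025):
    """Return {ip: (ban_start, ban_end)}; the log has no year, so one is assumed."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = m.group(2)
        if any(ipaddress.ip_address(key) in net for net in IGNOREIP):
            continue  # exempt address: failures are never counted
        if key in bans and ts < bans[key][1]:
            continue  # ban still active
        window = recent[key]
        window.append(ts)
        while window[0] <= ts - FINDTIME:
            window.popleft()  # drop failures older than findtime
        if len(window) >= MAXRETRY:
            bans[key] = (ts, ts + BANTIME)
            window.clear()
    return bans
```

Calling `simulate(SAMPLE_LOG)` bans only 203.0.113.5: 198.51.100.7 also fails three times, but never three times inside one 600-second window, and 192.0.2.10 is exempt.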
Useful Commands
Task | Command |
---|---|
Check fail2ban service status | sudo systemctl status fail2ban |
Start fail2ban | sudo systemctl start fail2ban |
Restart fail2ban | sudo systemctl restart fail2ban |
View all jail statuses | sudo fail2ban-client status |
View a specific jail (e.g., sshd) | sudo fail2ban-client status sshd |
See currently banned IPs in a jail | sudo fail2ban-client get sshd banned |
Unban an IP from a jail | sudo fail2ban-client set sshd unbanip <IP> |
Get ignore list for a jail | sudo fail2ban-client get sshd ignoreip |
Manually test a filter (dry run) | fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf |
Filter & Jail File Paths
File Purpose | Path |
---|---|
Jail configuration | /etc/fail2ban/jail.local |
Custom filters | /etc/fail2ban/filter.d/ |
Fail2Ban main log | /var/log/fail2ban.log |
UFW log (for ufw-block) | /var/log/ufw.log |
Notes
- Use ignoreip to exempt safe IPs (including local/DDNS).
- Consider rotating logs weekly to avoid bloated logs.
- Fail2Ban can be extended to cover other services (Apache, Postfix, etc.).