
Fail2Ban Reference & Useful Commands

Category: All About Ubuntu
Last Updated: May 11, 2025
Applies To: Ubuntu Server 22.04+

This page outlines essential fail2ban-client commands to help monitor, manage, and interact with Fail2Ban jails. These are especially useful when securing SSH access or reviewing suspicious login attempts.

Fail2Ban Jail Configuration

Fail2Ban jails control how long an IP remains banned after matching filters. To increase ban duration (e.g., to 48 hours):

Configuration File

sudo nano /etc/fail2ban/jail.local

Example Jail Settings for SSH and UFW Block:

[sshd]
enabled = true
port    = ssh
logpath = %(sshd_log)s
bantime = 172800
findtime = 600
maxretry = 3

[ufw-block]
enabled = true
filter  = ufw-block
logpath = /var/log/ufw.log
bantime = 172800
findtime = 600
maxretry = 3

bantime is in seconds → 172800 equals 48 hours
findtime is the window (in seconds) in which failed attempts are counted toward a ban
maxretry is the number of failed attempts within findtime before banning
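
The following is an added example, not part of the original page and not Fail2Ban's own code: a simplified model of how findtime and maxretry decide a ban, run against the [sshd] values above. The event list, the documentation-range IP addresses, and the function names load_jail and simulate are constructed for illustration.

```python
import configparser
from collections import defaultdict, deque

# Constructed jail.local fragment using the [sshd] values from this page.
JAIL_LOCAL = """
[sshd]
enabled = true
logpath = %(sshd_log)s
bantime = 172800
findtime = 600
maxretry = 3
"""

def load_jail(text, name):
    # interpolation=None: %(sshd_log)s is resolved by Fail2Ban, not by this parser.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {k: cp[name].getint(k) for k in ("bantime", "findtime", "maxretry")}

def simulate(failures, bantime, findtime, maxretry):
    """failures: (epoch_seconds, ip) tuples sorted by time.
    Returns a list of (ip, ban_start, ban_end). Simplified model."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside findtime
    banned_until = {}             # ip -> second at which the ban expires
    bans = []
    for ts, ip in failures:
        if banned_until.get(ip, 0) > ts:
            continue              # still banned, traffic would be blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # failure aged out of the findtime window
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()        # counting restarts after a ban
    return bans

# Constructed events: 203.0.113.5 fails 3 times in 300 s, 198.51.100.7
# also fails 3 times but 700 s apart, so it never has 3 inside findtime.
EVENTS = [
    (0, "203.0.113.5"), (100, "198.51.100.7"), (120, "203.0.113.5"),
    (300, "203.0.113.5"), (800, "198.51.100.7"), (1500, "198.51.100.7"),
    (5000, "203.0.113.5"),
]

if __name__ == "__main__":
    for ip, start, end in simulate(EVENTS, **load_jail(JAIL_LOCAL, "sshd")):
        print(f"{ip} banned at t={start}s for {(end - start) // 3600} h")
```

The slow source is never banned even though its total failure count equals maxretry, which is why findtime matters as much as bantime when tuning a jail.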

After changes:

sudo systemctl restart fail2ban

Useful Commands

Task                                   Command
Check fail2ban service status          sudo systemctl status fail2ban
Start fail2ban                         sudo systemctl start fail2ban
Restart fail2ban                       sudo systemctl restart fail2ban
View all jail statuses                 sudo fail2ban-client status
View a specific jail (e.g., sshd)      sudo fail2ban-client status sshd
See currently banned IPs in a jail     sudo fail2ban-client get sshd banned
Check ban duration for a jail          sudo fail2ban-client get sshd bantime
Unban an IP from a jail                sudo fail2ban-client set sshd unbanip <IP>
Get ignore list for a jail             sudo fail2ban-client get sshd ignoreip
View real-time ban events              sudo tail -f /var/log/fail2ban.log
Manually test a filter (dry run)       fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

• sudo fail2ban-client status lists all active jails and global stats.
• sudo fail2ban-client status sshd returns the current failed attempts, total failed attempts, currently banned IPs, and the log file being watched.
• sudo fail2ban-client get sshd banned displays all IP addresses currently banned for that jail.
• sudo fail2ban-client get sshd bantime outputs the current bantime (in seconds) configured for the jail.
• sudo tail -f /var/log/fail2ban.log: use this to monitor login failures and ban actions in real time.

Filter & Jail File Paths

File Purpose               Path
Jail configuration         /etc/fail2ban/jail.local
Custom filters             /etc/fail2ban/filter.d/
Fail2Ban main log          /var/log/fail2ban.log
UFW log (for ufw-block)    /var/log/ufw.log

Notes

• Use ignoreip to exempt safe IPs (including local/DDNS).
• Restart the Fail2Ban service after modifying configs or jail files.
• Consider rotating logs weekly to avoid bloated logs.
• Fail2Ban can be extended to cover other services (Apache, Postfix, etc.).