Updated on 17.9.2024

How to install Fail2ban on Debian

Fail2ban is an intrusion prevention framework which works together with a packet-control system or firewall installed on your server and is commonly used to block connection attempts after several failed tries.

Installing Fail2ban

It operates by monitoring log files for certain types of entries and runs predetermined actions based on its findings. You can install the software with the following.

sudo aptitude install fail2ban

Once installed, copy the default jail.conf file to make a local configuration with this command.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then open the new local configuration file for editing with your favourite text editor, for example.

sudo nano /etc/fail2ban/jail.local

Scroll down to go through some of the settings available in the configuration file.

First up are the basic defaults for ignoreip, which allows you to exclude certain IP addresses from being banned, for example if your own computer has a fixed IP you can enter it here. Next, set the bantime, which determines how long an offending host will remain blocked until automatically unblocked. Lastly, check the find time and max retry counts, of which the find time sets the time window for the max retry attempts before the host IP attempting to connect is blocked.

[DEFAULT]
ignoreip = 127.0.0.1
bantime  = 3600 
findtime = 600
maxretry = 3

If you have a sendmail service configured on your cloud server, you can enable the email notifications from Fail2ban by entering your email address into the parameter destemail and changing the action = %(action_)s to action = %(action_mw)s.

Once you’ve done the basic configurations, check the different jails available in the configuration options. Jails are the rules which fail2ban applies to any given application or log file. SSH jail settings, which you can find at the top of the jails list, are enabled by default.

[sshd]
enabled = true

You can enable any other jail modules in the same fashion by editing the enabled parameter to true.

When you’ve enabled all the jails you wish, save the configuration file and exit the editor. Then you’ll need to restart the monitor with the following command.

sudo service fail2ban restart

With that done, you should now check your iptable rules for the newly added jail sections on each of the application modules you enabled.

sudo iptables -L

Any banned IP addresses will appear in the specific chains where the failed login attempts occurred. You can also manually ban and unban IP addresses from the services you defined jails for with the following commands.

sudo fail2ban-client set <jail> banip/unbanip <ip address>
# For example
sudo fail2ban-client set sshd unbanip 83.136.253.43

Fail2ban is a handy addition to the iptables and firewall access control in general; feel free to experiment with the configuration, and don’t worry if you get your own IP address banned; you can always log in through the web Console at your UpCloud Control Panel to unban yourself afterwards.

Janne Ruostemaa

Editor-in-Chief

  1. Hello, thanks for the article. Quick question. I installed the ufw firewall and needed to find out if I would need to setup fail2ban in a different way than just using iptables? I am not 100% sure if ufw and fail2ban work together without some tweaking and thought I’d check with you. Thank you again.

  2. Janne Ruostemaa

    Thanks for the good question, indeed it is possible to configure fail2ban work together with ufw but it will require a little extra work. We’ll certainly look into adding tutorials to cover other firewall options as well. In the meanwhile, there’s a quick explanation of the topic at https://askubuntu.com/questions/54771/potential-ufw-and-fail2ban-conflicts

  3. Hi,
    Can you update this blog to reflect the use of nftables instead of iptables for Debian 10 Buster?

    Thanks
    Glen

  4. Janne Ruostemaa

    Hi Glen, thanks for the comment. While iptables is still in active use on many cloud servers, there’s certainly need for a tutorial on how to configure Fail2ban on nftables so stay tuned.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top