Configuration of fail2ban with UFW
Installation
sudo apt-get install fail2ban
Prepare main configuration file
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the configuration file jail.local. The following parameters in the [DEFAULT] section can be adjusted:
# How long to block an abusive IP
bantime = 720m
# Time window in which failures are counted
findtime = 120m
# Ban an IP once its failures within findtime reach maxretry
maxretry = 3
banaction = ufw
banaction_allports = ufw
destemail = example@example.com
sender = example@example.com
# IPs, hosts and IP ranges that are never banned
ignoreip = 127.0.0.1/8 ::1
Turn on jails by editing /etc/fail2ban/jail.d/defaults-debian.conf. sshd is enabled by default; here we turn on the postfix jail as well:
[sshd]
enabled = true
[postfix]
enabled = true
Adjust the filter mode in jail.local. For example, set the postfix filter mode to aggressive for stricter filtering:
[postfix]
mode = aggressive
Restart or reload fail2ban
sudo service fail2ban restart
sudo service fail2ban reload
Check fail2ban status
sudo fail2ban-client status
sudo fail2ban-client status sshd
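How the bantime, findtime, maxretry and ignoreip values above interact, shown as an added example (a simplified model, not fail2ban's own code). The log lines, host name and the simulate function are constructed for illustration; addresses come from documentation ranges.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local settings shown above.
FINDTIME = timedelta(minutes=120)
MAXRETRY = 3
BANTIME = timedelta(minutes=720)
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "::1")]

FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

# Constructed sample log lines, in chronological order.
SAMPLE = """\
2024-05-01T09:00:00 mail sshd[801]: Failed password for root from 198.51.100.9 port 40100 ssh2
2024-05-01T10:00:00 mail sshd[802]: Failed password for root from 203.0.113.7 port 40200 ssh2
2024-05-01T10:00:05 mail sshd[803]: Failed password for admin from 198.51.100.9 port 40101 ssh2
2024-05-01T10:01:00 mail sshd[804]: Failed password for bob from 127.0.0.1 port 40300 ssh2
2024-05-01T10:01:10 mail sshd[805]: Failed password for bob from 127.0.0.1 port 40301 ssh2
2024-05-01T10:01:20 mail sshd[806]: Failed password for bob from 127.0.0.1 port 40302 ssh2
2024-05-01T10:30:00 mail sshd[807]: Failed password for invalid user test from 203.0.113.7 port 40201 ssh2
2024-05-01T11:15:00 mail sshd[808]: Failed password for root from 203.0.113.7 port 40202 ssh2
2024-05-01T11:30:00 mail sshd[809]: Failed password for root from 198.51.100.9 port 40102 ssh2
""".splitlines()

def simulate(lines):
    """Return {ip: (ban_start, ban_end)} holding the latest ban per address."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside findtime
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1))
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        key = str(ip)
        if key in bans and when < bans[key][1]:
            continue  # still banned, traffic would be dropped by UFW
        window = recent[key]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()  # failure is older than findtime
        if len(window) >= MAXRETRY:
            bans[key] = (when, when + BANTIME)
            window.clear()
    return bans
```

With the sample input, 203.0.113.7 is banned at its third failure, 198.51.100.9 is not because its first failure has aged out of the 120-minute window, and 127.0.0.1 is skipped by ignoreip.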