Configuration of fail2ban with UFW

Posted on

Installation

sudo apt-get install fail2ban

Prepare main configuration file

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the configuration file jail.local, the following parameters can be adjusted

bantime = 720m # How long to block an abusive IP
findtime = 120m # Time period to check the connections
maxretry = 3 # Within the above time period, block the abusive IP if the number of the abusive IP connections reaches the maxretry
banaction = ufw
banaction_allports = ufw
destemail = [email protected]
sender = [email protected]
ignoreip = 127.0.0.1/8 ::1 # Ignore these IP, Hosts, IP ranges during operation

Turn on jails by editing /etc/fail2ban/jail.d/defaults-debian.conf, sshd is enabled by default, here we turn on postfix jail as well

[sshd]
enabled = true
[postfix]
enabled = true

Adjust the filter mode in jail.local, here for example we adjust the postfix filter mode to aggressive for stricter filter

[postfix]
mode = aggressive

Restart or reload fail2ban

sudo service fail2ban restart
sudo service fail2ban reload

Check fail2ban status

sudo fail2ban-client status
sudo fail2ban-client status sshd

---