Fail2ban protects the server from brute-force attacks by automatically blocking IP addresses after several failed login attempts. Below: installation, configuration, ban management, and whitelist.
Applies to:
✔ VPS
✔ Dedicated servers
✔ Linux
Debian/Ubuntu:
apt install fail2ban -y
CentOS/AlmaLinux:
yum install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban
Do not edit jail.conf directly. Create /etc/fail2ban/jail.local:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
ignoreip = 127.0.0.1/8
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Parameters:
bantime: ban duration in seconds (3600 = 1 hour)findtime: time window for counting attemptsmaxretry: number of attempts before banignoreip: IP addresses that are never bannedsystemctl restart fail2ban
fail2ban-client status
Status of a specific jail:
fail2ban-client status sshd
fail2ban-client set sshd unbanip IP_ADDRESS
Add your IP to ignoreip in /etc/fail2ban/jail.local:
[DEFAULT]
ignoreip = 127.0.0.1/8 YOUR_IP
You can specify a subnet:
ignoreip = 127.0.0.1/8 192.168.0.0/16 YOUR_IP
systemctl restart fail2ban
For Nginx (HTTP Basic Auth brute-force protection):
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
tail -50 /var/log/fail2ban.log
fail2ban-client status sshd
Verify that the jail is active and your IP is not in the banned list.
If fail2ban blocks legitimate users too often, increase maxretry or add the necessary IPs to ignoreip. If you need help with configuration, open a support ticket.