Ban hosts that cause multiple authentication errors
  9 reviews

Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.

By default, it comes with filter expressions for various services (sshd, apache, proftpd, sasl, etc.) but configuration can be easily extended for monitoring any other text file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. Following recommends are listed:

- iptables/nftables -- default installation uses iptables for banning.
nftables is also supported. You most probably need it
- whois -- used by a number of *mail-whois* actions to send notification
emails with whois information about attacker hosts. Unless you will use
those you don't need whois
- python3-pyinotify -- unless you monitor services logs via systemd, you
need pyinotify for efficient monitoring for log files changes
Latest reviews
kennyhendrick2 3 years ago

Thanks fail2ban engineers and developers. Monopoly doesn't have anything on you guys!

viem 4 years ago

Click on Install and forget it! Works out of the box. (Mint 18)

zemos 5 years ago


alaint 8 years ago

love it

Gotenks 11 years ago

Simple and necessary for anyone with a public presence

enedene 11 years ago

Simple and works great. I use it on my server for years.

adirusf 11 years ago

I like this progam simple and efficient

another_mutant 11 years ago

protects vs logins on multiple protocols, other features I haven't tried yet.

digimaus 11 years ago

This is a great program and works very well especially against SSH attacks.