Why as a system package?
I installed Fail2Ban as a system package together with a system-wide / root-level configuration, because I want a malicious attacker to be stopped as soon as possible, instead of further down the chain. I use, e.g., firewalld on a root level, too, for the exact same reason.
Install

Fedora
sudo dnf install fail2ban

Firewalld
As I use firewalld, I make sure fail2ban-firewalld was installed together with the main package.
The default banaction under /etc/fail2ban/jail.d/00-firewalld.local didn't work for me, as it is ignored on forwarded ports.
Therefore, I had to create /etc/fail2ban/jail.local, with the following content:
[DEFAULT]
banaction = firewallcmd-ipset
banaction_allports = firewallcmd-ipset

Enable
sudo systemctl enable fail2ban

Start
sudo systemctl start fail2ban

Restart
After any config change, you need to restart Fail2Ban:
sudo systemctl restart fail2ban

Defaults
I set some (further) defaults in /etc/fail2ban/jail.local under the [DEFAULT] section:
[DEFAULT]
maxretry = 5
bantime = 600
findtime = 600
bantime.increment = true
bantime.factor = 1
bantime.multipliers = 1 6 18 144 288 2016 4032 12096

The multipliers increase the bantime (initial time: 600 = 10 minutes) with each repeated ban, namely to
- 10 min
- 60 min
- 3 hours
- 1 day
- 2 days
- 14 days / 2 weeks
- 28 days (approx. 1 month)
- 84 days (approx. 3 months)
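To check a schedule like this before deploying it, here is an added Python example (not part of the original notes) that reproduces Fail2Ban's increment arithmetic for the [DEFAULT] section above. The two fallback rules it implements, reusing the last multiplier once the list is exhausted and the default doubling formula when no multipliers are set, are taken from Fail2Ban's jail.conf documentation and are an assumption here, not something the notes state.

```python
import configparser

# [DEFAULT] section from the jail.local above, embedded so nothing under /etc is read.
JAIL_LOCAL = """[DEFAULT]
maxretry = 5
bantime = 600
findtime = 600
bantime.increment = true
bantime.factor = 1
bantime.multipliers = 1 6 18 144 288 2016 4032 12096
"""

def load_defaults(text):
    """Parse a jail.local fragment and return its [DEFAULT] keys as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp.defaults()

def ban_time(defaults, count):
    """Ban length in seconds for a host already banned `count` times. Assumed from
    Fail2Ban's jail.conf docs: bantime * multipliers[count] * factor, reusing the
    last multiplier once exhausted; without multipliers, bantime * 2**count * factor."""
    base = int(defaults["bantime"])
    if defaults.get("bantime.increment", "false").lower() != "true":
        return base  # increment disabled: every ban has the same length
    factor = float(defaults.get("bantime.factor", "1"))
    raw = defaults.get("bantime.multipliers", "").replace(",", " ").split()
    if raw:
        multipliers = [float(m) for m in raw]
        m = multipliers[min(count, len(multipliers) - 1)]
    else:
        m = 1 << min(count, 20)  # default formula, exponent capped at 20
    return int(base * m * factor)

def humanize(seconds):
    """Render whole days/hours/minutes, e.g. 10800 -> '3 hours'."""
    for unit, size in (("day", 86400), ("hour", 3600), ("min", 60)):
        if seconds >= size and seconds % size == 0:
            n = seconds // size
            return f"{n} {unit}{'s' if n != 1 and unit != 'min' else ''}"
    return f"{seconds} s"

def schedule(text, bans):
    """Ban lengths in seconds for the first `bans` consecutive bans of one host."""
    defaults = load_defaults(text)
    return [ban_time(defaults, i) for i in range(bans)]

if __name__ == "__main__":  # ban #9 shows the last multiplier being reused
    for i, secs in enumerate(schedule(JAIL_LOCAL, 9), start=1):
        print(f"ban #{i}: {secs:>8} s = {humanize(secs)}")
```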