Ensure your system is up to date:
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install fail2ban
Once installed, copy the default jail.conf file to create a local configuration with this command:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Then open the new local configuration file for editing with your favourite text editor (for example nano or vi):
sudo nano /etc/fail2ban/jail.local
Scroll down to go through some of the settings available in the configuration file.
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3
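To show how these four settings interact, the following Python example (added here, not part of the original tutorial and not Fail2ban's own code) replays constructed sshd log lines through a simplified model of a jail: maxretry failures from one address within findtime seconds trigger a ban lasting bantime seconds, and addresses in ignoreip are never counted. The log line format, the regular expression and the function name simulate_bans are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local excerpt above (times are in seconds).
IGNOREIP = {"127.0.0.1"}
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 3

# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
2024-05-01T10:00:05 host sshd[812]: Failed password for admin from 127.0.0.1 port 40100 ssh2
2024-05-01T10:00:06 host sshd[813]: Failed password for admin from 127.0.0.1 port 40101 ssh2
2024-05-01T10:00:07 host sshd[814]: Failed password for admin from 127.0.0.1 port 40102 ssh2
2024-05-01T10:00:30 host sshd[815]: Failed password for invalid user test from 198.51.100.20 port 51000 ssh2
2024-05-01T10:01:00 host sshd[816]: Failed password for invalid user test from 198.51.100.20 port 51001 ssh2
2024-05-01T10:02:00 host sshd[817]: Failed password for root from 203.0.113.7 port 40023 ssh2
2024-05-01T10:04:00 host sshd[818]: Failed password for root from 203.0.113.7 port 40024 ssh2
2024-05-01T10:15:00 host sshd[819]: Failed password for invalid user test from 198.51.100.20 port 51002 ssh2
2024-05-01T10:20:00 host sshd[820]: Accepted password for alice from 192.0.2.10 port 52000 ssh2
"""

FAILURE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?\S+ from (\S+) port")

def simulate_bans(log):
    """Simplified model: return (ip, banned_at, banned_until) tuples."""
    recent = defaultdict(deque)   # ip -> failure times inside findtime
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m or m.group(2) in IGNOREIP:
            continue              # not a failure, or an ignored address
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # still banned, nothing more to count
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # failure aged out of findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate_bans(SAMPLE_LOG):
        print(f"{ip} banned {start:%H:%M} until {end:%H:%M}")
```

Only 203.0.113.7 is banned: the three failures from 127.0.0.1 are skipped because of ignoreip, and the first two failures from 198.51.100.20 have aged out of findtime by the time the third arrives.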
If you have a sendmail service configured on your cloud server, you can enable email notifications from Fail2ban by entering your email address in the destemail parameter and changing action = %(action_)s to action = %(action_mw)s.
SSH jail settings, which you can find at the top of the jails list, are enabled by default.
enabled = true
You can enable any other jail modules in the same fashion by setting their enabled parameter to true.
When you’ve enabled all the jails you wish, save the configuration file and exit the editor.
Then you’ll need to restart the monitor with the following command:
sudo service fail2ban restart
Any banned IP addresses will appear in the specific chains for the services where the failed login attempts occurred. You can also manually ban and unban IP addresses for the services you defined jails for with the following commands:
sudo fail2ban-client set <jail> banip/unbanip <ip address>
# For example
sudo fail2ban-client set sshd unbanip 22.214.171.124
Fail2ban is a handy addition to iptables and firewall access control in general. Feel free to experiment with the configuration, and don’t worry if you get your own IP address banned.
For additional information about fail2ban-client commands, see the Fail2ban