maxretry<\/em> counts, of which the find time sets the time window for the max retry attempts before the host IP attempting to connect is blocked.<\/p>\n\n\n\n[DEFAULT]\nignoreip = 127.0.0.1\/8 ::1\nbantime = 10m\nfindtime = 10m\nmaxretry = 5<\/pre>\n\n\n\nIf you have a sendmail service configured on your cloud server, you can enable the email notifications from Fail2ban by entering your email address into the parameter destemail<\/em> and changing the action = %(action_)s<\/em> to action = %(action_mw)s.<\/em><\/p>\n\n\n\nOnce you\u2019ve done the basic configurations, check the different jails available in the configuration options. Jails are the rules which fail2ban applies to any given application or log file.<\/p>\n\n\n\n
SSH jail settings, which you can find at the top of the jails list, are disabled by default. You should turn them on by adding enabled = true <\/em>in the SSH jail section.<\/p>\n\n\n\n[sshd]\nenabled = true<\/pre>\n\n\n\nYou can enable any other jail modules in the same fashion by adding the same line just below any jail header like [sshd]<\/em> in this example above.<\/p>\n\n\n\nWhen you\u2019ve enabled all the jails you wish, save the configuration file and exit the editor. Then you\u2019ll need to restart the monitor with the following command<\/p>\n\n\n\n
sudo systemctl restart fail2ban<\/pre>\n\n\n\nWith that done, you should now check your iptable rules for the newly added jail sections on each of the application modules you enabled.<\/p>\n\n\n\n
sudo iptables -L<\/pre>\n\n\n\nAny banned IP addresses will appear in the specific chains where the failed login attempts occurred at. You can also manually ban and unban IP addresses from the services you defined jails for with the following commands.<\/p>\n\n\n\n
sudo fail2ban-client set <jail> banip\/unbanip <ip address>\n# For example\nsudo fail2ban-client set sshd unbanip 83.136.253.43<\/pre>\n\n\n\nFail2ban is a handy addition to a firewall access control in general, feel free to experiment with the configuration and don\u2019t worry if you get your IP address banned, you can always log in through the web Console at your UpCloud Control Panel<\/a> to unban yourself afterwards.<\/p>\n","protected":false},"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","community-category":[121],"class_list":["post-24620","tutorial","type-tutorial","status-publish","hentry","community-category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial\/24620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/types\/tutorial"}],"replies":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/comments?post=24620"}],"wp:attachment":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media?parent=24620"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/community-category?post=24620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}