Fail2Ban is a program that monitors log files for failed login attempts and automatically blocks the offending IP addresses.


On Fedora, install the fail2ban package.

On CentOS or Red Hat Enterprise Linux, install the package from EPEL.


Make any changes in /etc/fail2ban/jail.local, which overrides the defaults. The default settings and the configuration documentation can be viewed in /etc/fail2ban/jail.conf.

I am currently using the following configuration:

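[DEFAULT]
# Ban duration in seconds
# One month (30 days)
bantime = 2592000

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

ignoreip =

# 3 failures within 12 hours (43200 seconds) trigger a ban
findtime = 43200
maxretry = 3

# SSH jail (bans appear in the f2b-sshd chain)
[sshd]
enabled = true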


Start Fail2Ban:

systemctl start fail2ban
systemctl enable fail2ban

You can check the status by reading the fail2ban log.

tail -f /var/log/fail2ban.log
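
To see which addresses are still banned rather than watching the log scroll, the Ban and Unban lines can be replayed in order. The following is an added example, not part of the original page; the sample log lines are constructed in the fail2ban.log format, and the function name and the example-jail jail are hypothetical.

```shell
#!/bin/sh
# Added example: list the IPs a jail has banned and not yet unbanned,
# by replaying Ban/Unban events from a fail2ban log.

# Constructed sample log (documentation-range IPs, hypothetical second jail).
sample_log() {
cat <<'EOF'
2024-05-01 10:15:29,101 fail2ban.filter  [1234]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:29
2024-05-01 10:15:31,207 fail2ban.filter  [1234]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:31
2024-05-01 10:15:33,310 fail2ban.filter  [1234]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:33
2024-05-01 10:15:33,512 fail2ban.actions [1234]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 11:02:10,044 fail2ban.actions [1234]: NOTICE  [sshd] Ban 198.51.100.23
2024-05-02 08:00:00,913 fail2ban.actions [1234]: NOTICE  [sshd] Unban 198.51.100.23
2024-05-03 09:30:12,400 fail2ban.actions [1234]: NOTICE  [sshd] Restore Ban 192.0.2.44
2024-05-03 09:41:55,120 fail2ban.actions [1234]: NOTICE  [example-jail] Ban 192.0.2.99
EOF
}

# active_bans JAIL
# Reads a fail2ban log on stdin and prints, sorted, every IP whose most
# recent event in [JAIL] is a ban.
active_bans() {
    awk -v jail="[$1]" '
        {
            # Locate the "[jail]" field; skip lines for other jails.
            for (j = 1; j <= NF; j++) if ($j == jail) break
            if (j > NF) next
            k = j + 1
            # Bans re-applied after a service restart are logged as "Restore Ban".
            if ($k == "Restore") k++
            if ($k == "Ban")   banned[$(k + 1)] = 1
            if ($k == "Unban") delete banned[$(k + 1)]
        }
        END { for (ip in banned) print ip }
    ' | LC_ALL=C sort
}

# Demo on the constructed sample; on a real host use:
#   active_bans sshd < /var/log/fail2ban.log
sample_log | active_bans sshd
```

With a one-month bantime, a ban can predate the current log file after rotation, so treat this as a view of the log only; fail2ban-client status sshd reports the jail's live ban list.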

iptables rules are also updated automatically when bans happen. You should see an f2b-sshd chain in iptables for SSH bans.

See Also