- previous versions accepted 'all' - newer versions require explicit port range
|5 months ago|
|etc/fail2ban||5 months ago|
|.gitattributes||3 years ago|
|.gitignore||5 months ago|
|README.md||3 years ago|
|f2b-config.sh||3 years ago|
Fail2Ban: Block port probes on an exposed system
This is a basic set up for Fail2Ban on an system that is directly exposed to the internet (i.e. not behind a separate firewall).
This set-up assumes you are using UFW as your firewall front-end and it is working correctly.
In addition to the standard SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection attempts to closed ports, etc.) is activated. This should aid in blocking 'script-kiddies' and port-scanning attacks, reducing the resources your server has to allocate to processing bogus requests. F2B will automatically create UFW rules to drop connections from systems that try to make repeated invalid connection attempts and then remove the block automatically after the 'bantime' has expired. A special jail is also created for repeat offenders with much longer bantimes as an option.
Please consult the wiki for this repo for detailed instructions, explanations and reasoning behind every customization that is included in the configuration files in this repo. For a quick-start, just use this readme. More details can also be found on my blog. Also, all the configuration files are commented so you can just read those if you're already familiar with how F2B works.
Getting set up
If you need help getting Fail2Ban installed before using this repo to customize it, please see this wiki post.
Setup is very simple, especially using the included convenience script which will take care of backing up your existing configuration and copying customized files to the proper locations for you.
- Clone this repository or download a release.
- Switch to the repo directory and run the f2b-config.sh as ROOT or via SUDO.
cd fail2banUFW # as root ./f2b-config.sh # using sudo sudo ./f2b-config.sh
If your fail2ban configuration files are located somewhere other than /etc/fail2ban/ then you can pass that location to the script as a parameter. Let's assume /opt/fail2ban/ for this example (trailing slash is optional):
If you don't want to use the script, then you don't have to! The repo uses the same directory structure as a default Fail2Ban installation on Debian/Ubuntu so you can just copy the files you want to their proper locations.
If you want to undo the changes made by the convenience script, just find the affected files and copy the backups over the current files. For example, to restore your jail.local file:
cp /etc/fail2ban/jail.local.original /etc/fail2ban/jail.local
I hope this helps you in dealing with your server getting bombarded by irritating scanning-bots. As always, check out my blog at https://mytechiethoughts.com for more solutions like this and feel free to contribute comments, suggestions and improvements!
If you find any bugs, want to make suggestions or have a better idea of how to set things up, feel free to post an issue, please!