In addition to the standard SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection attempts to closed ports, etc.) is activated. This should aid in blocking 'script-kiddies' and port-scanning attacks, reducing the resources your server has to allocate to processing bogus requests. F2B will automatically create UFW rules to drop connections from systems that try to make repeated invalid connection attempts and then remove the block automatically after the 'bantime' has expired. A special jail is also created for repeat offenders with much longer bantimes as an option.
Please consult the [wiki for this repo](https://git.asifbacchus.app/asif/fail2banUFW/wiki) for detailed instructions, explanations and reasoning behind every customization that is included in the configuration files in this repo. For a quick-start, just use this readme. More details can also be found on [my blog](https://mytechiethoughts.com). Also, all the configuration files are commented so you can just read those if you're already familiar with how F2B works.
If you need help getting Fail2Ban installed before using this repo to customize it, please see [this wiki post](https://git.asifbacchus.app/asif/fail2banUFW/wiki/02.-Installing-Fail2Ban).
Setup is very simple, especially using the included convenience script which will take care of backing up your existing configuration and copying customized files to the proper locations for you.
If your fail2ban configuration files are located somewhere other than */etc/fail2ban/* then you can pass that location to the script as a parameter. Let's assume */opt/fail2ban/* for this example (trailing slash is optional):
If you don't want to use the script, then you don't have to! The repo uses the same directory structure as a default Fail2Ban installation on Debian/Ubuntu so you can just copy the files you want to their proper locations.
If you want to undo the changes made by the convenience script, just find the affected files and copy the backups over the current files. For example, to restore your *jail.local* file: