Table of Contents
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Configure Fail2Ban with UFW to block port probing
This is a basic set up for Fail2Ban on an system that is directly exposed to the internet (i.e. not behind a separate firewall).
This set-up assumes you are using UFW as your firewall front-end and it is working correctly.
In addition to the standard SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection attempts to closed ports, etc.) is activated. This should aid in blocking ‘scriptkiddies’ and port-scanning attacks, reducing the resources your server has to allocate to processing bogus requests. F2B will automatically create UFW rules to drop connections from systems that try to make repeated invalid connection attempts and then remove the block automatically after the 'bantime' has expired.
This configuration goes one step further and also enacts a recidivist jail whereby repeat offenders are blocked for a much longer period of time. Again, the block is automatically removed upon expiration of this increased 'bantime'.
While the readme contains the basic steps for getting setup, this wiki will go into detail about each setting, reasoning behind them and how you can customize things to work for your environment. The wiki is presented in the order of installation, configuration and customization.
The repo on my private git will always contain the most up-to-date version of this script, issue tracking and this wiki while the mirror on GitHub will be updated usually within 48 hours.
As always, I encourage feedback and suggestions as well as any help in correcting errors or making this script more useful. File an issue if you find something or have requests. I'm by no means a scripting or a F2B expert, but I hope you find this useful :-)