fail2ban 0.9


With the recent release of fail2ban 0.9 there are very important improvements to the journal and firewalld integration. With these simple configurations, I get fail2ban working in Fedora 20 without a syslog daemon and avoid being DoSed by a local user.

/etc/fail2ban/fail2ban.local

[Definition]
loglevel = INFO
logtarget = SYSLOG

In /etc/fail2ban/jail.local we set the backend to systemd, so that fail2ban monitors the journal directly. We also choose firewallcmd-ipset as the default action, so the rules are inserted with firewall-cmd and use the ipset facility. Finally, all the jails needed are enabled.

[DEFAULT]
backend = systemd
banaction = firewallcmd-ipset
bantime = 3600

[sshd]
enabled = true

[postfix]
enabled = true

[dovecot]
enabled = true

Updated on September 9, 2014: as ipset holds its own timeout, we have to configure it in the action file /etc/fail2ban/action.d/firewallcmd-ipset.local:

[Init]
bantime = 3600

To check the contents of the IP sets:

# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 16664
References: 1
Members:
61.153.105.66 timeout 2817
116.10.191.178 timeout 3178

Name: fail2ban-postfix
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 16504
References: 1
Members:
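Because the ipset timeout is configured separately from the jail bantime, the two can drift apart without any error. The following check is an added example, not part of the original post: it parses `ipset list` output and reports every fail2ban set whose timeout differs from the expected bantime. The function names and the sample output (with a 600-second postfix set) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag fail2ban ipsets whose timeout differs from the jail bantime.
# Live use (as root):
#   ipset list | check_ipset_timeouts "$(get_bantime /etc/fail2ban/jail.local)"

# Print the first "bantime = N" value found in an ini-style fail2ban file.
# Simplification: does not track which section the key belongs to.
get_bantime() {
    awk -F'=' '/^[ \t]*bantime[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Read `ipset list` output on stdin and print "<set> <timeout>" for every
# fail2ban-* set whose Header timeout is not the expected value ($1).
# A set created without a timeout is reported as "none".
check_ipset_timeouts() {
    awk -v want="$1" '
        function report() {
            if (name ~ /^fail2ban-/ && t != want) print name, t
        }
        $1 == "Name:"   { if (name != "") report(); name = $2; t = "none" }
        $1 == "Header:" { for (i = 2; i < NF; i++) if ($i == "timeout") t = $(i + 1) }
        END             { if (name != "") report() }
    '
}

# Constructed sample: the sshd set matches bantime 3600, the postfix set does not.
sample_ipset_list() {
    cat <<'EOF'
Name: fail2ban-sshd
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Members:
203.0.113.7 timeout 2817

Name: fail2ban-postfix
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Members:
EOF
}

# Demo on the constructed sample: prints the mismatched set and its timeout.
sample_ipset_list | check_ipset_timeouts 3600
```

An empty result means every fail2ban set carries the expected timeout. Any line printed names a set whose entries expire on a different schedule than the jail's bantime.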
