Question

Change default fail2ban settings

I am trying to change the default behaviour of Fail2Ban and my changes don’t seem to be reflected in what I am seeing in my bans.

I followed multiple tutorials that are provided, but I am still confused on a couple of things. To make clear, I am editing my jail.local file.

I changed the settings for bantime (line 59), findtime (line 63) and maxretry (line 66). I was under the impression that these were the default settings, but they seem not to have affected sshd attempts.

After editing the maxretry and bantime I ran sudo systemctl reload sshd, which I thought would apply the changes I made, but it doesn’t seem so. I get emails when a ban has occurred and I am getting told that the IP was banned after 5 attempts, even though line 66 says 3.

Additionally, on line 106, it says # "enabled" enables the jails. It explains that all jails are disabled by default, and then on line 112 there is this setting, enabled = false. Am I to assume that this means, unless I specifically put the setting enabled = true on one of the services from line 208 and downward, they are not active?

This confuses me because I have not put enabled = true on anything, yet Fail2Ban is still banning IPs. The only enabled = true setting is on line 24 and it is commented out. Do I need to go to line 215 and put an enabled = true to make my settings take effect? Do I have to do that for every service?

As you can tell, I am pretty confused by all of this. Any clarity would be greatly appreciated.
