Change default fail2ban settings

Posted on January 21, 2018

I am trying to change the default behaviour of Fail2Ban and my changes don’t seem to be reflected in what I am seeing in my bans.

I followed multiple tutorials that are provided, but I am still confused on a couple of things. To make clear, I am editing my jail.local file.

I changed the settings for bantime (line 59), findtime (line 63) and maxretry (line 66). I was under the impression that these were the default settings, but they seem not to have affected sshd attempts.

After editing the maxretry and bantime I ran sudo systemctl reload sshd, which I thought would apply the changes I made, but it doesn’t seem so. I get emails when a ban has occurred and I am getting told that the IP was banned after 5 attempts, even though line 66 says 3.

Additionally, on line 106, it says # "enabled" enables the jails, and it explains that all jails are disabled by default, and then on line 112 there is this setting, enabled = false. Am I to assume that this means, unless I specifically put the setting, enabled = true on one of the services from line 208 and downward, they are not active?

This confuses me because I have not put enabled = true on anything, yet Fail2Ban is still banning IPs. The only enabled = true setting is on line 24 and it is commented out. Do I need to go to line 215 and put an enabled = true to make my settings take effect? Do I have to do that for every service?

As you can tell, I am pretty confused by all of this. Any clarity would be greatly appreciated.




Hello,

After reading the question, I noticed a few things which can help you understand the problem better and how to proceed in such situations.

After editing the jail.local file, you need to reload Fail2Ban to apply your changes. The command you used, sudo systemctl reload sshd, only reloads the SSHD service, not Fail2Ban.

By default, all jails are disabled in Fail2Ban, as mentioned in the configuration file. However, some distributions may enable certain jails by default, such as the SSH jail. The enabled setting in the configuration file can be set to either true or false. If you want to enable a specific jail, you need to add enabled = true under the corresponding jail section in your jail.local file.

For example, to enable the SSH jail with your custom settings, you should have a section like this in your jail.local file:

[sshd]
enabled = true
bantime = your_bantime_value
findtime = your_findtime_value
maxretry = your_maxretry_value
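
The following is an added example, not part of the original answer and not Fail2Ban's own code: it merges jail files in the order Fail2Ban reads them (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and reports which file and section supplies each effective setting for one jail. The sample tree is constructed, `defaults-distro.conf` is a hypothetical distribution drop-in, and `[INCLUDES]` directives are ignored.

```python
import configparser
import glob
import os
import tempfile

KEYS = ("enabled", "bantime", "findtime", "maxretry")

def load_order(conf_dir):
    """Files in the order fail2ban reads them; later files override earlier ones."""
    j = lambda *p: os.path.join(conf_dir, *p)
    return ([j("jail.conf")] + sorted(glob.glob(j("jail.d", "*.conf")))
            + [j("jail.local")] + sorted(glob.glob(j("jail.d", "*.local"))))

def effective(conf_dir, jail):
    """Return {key: (value, 'file [section]')} for one jail."""
    found = {"DEFAULT": {}, jail: {}}
    for path in load_order(conf_dir):
        # default_section is renamed so [DEFAULT] parses as an ordinary section
        # and inherited values are not confused with values set in the jail.
        cp = configparser.ConfigParser(default_section="_unused_",
                                       interpolation=None, strict=False)
        cp.read(path)  # missing files are skipped silently
        for section in found:
            for key in KEYS:
                if cp.has_option(section, key):
                    where = f"{os.path.relpath(path, conf_dir)} [{section}]"
                    found[section][key] = (cp.get(section, key), where)
    # A value set in the jail's own section wins over [DEFAULT], whichever file set it.
    return {**found["DEFAULT"], **found[jail]}

def write_sample_tree(conf_dir):
    """Constructed sample files, not taken from any real system."""
    os.makedirs(os.path.join(conf_dir, "jail.d"))
    samples = {
        "jail.conf": "[DEFAULT]\nenabled = false\nbantime = 600\n"
                     "findtime = 600\nmaxretry = 5\n[sshd]\nport = ssh\n",
        "jail.d/defaults-distro.conf": "[sshd]\nenabled = true\n",
        "jail.local": "[DEFAULT]\nbantime = 3600\nmaxretry = 3\n",
    }
    for name, text in samples.items():
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample_tree(d)
        for key, (value, where) in effective(d, "sshd").items():
            print(f"{key:9} = {value:6} from {where}")
```

This only shows what the files say; after reloading Fail2Ban itself, `fail2ban-client get sshd maxretry` reports the value the running server actually loaded.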
