Setting up fail2ban on Ubuntu Server 16.04 Xenial


# apt-get update
# apt-get install fail2ban


This is a working example configuration. All code blocks below the headers belongs the the same file.


Never ban specified IP in any jails

ignoreip = <ip>

If sshd is listening on a non-default port, specify it with the port option.

enabled = true
port = 2222
bantime = 7200 ; two hours

Ban clients that matches filter in the specified logpath

enabled = true
logpath = /var/log/ufw.log
filter = ufw-block
findtime = 180 ; three minutes
maxretry = 5
bantime = 3600 ; one hours

The recidive jail will ban clients that have been banned before. See /etc/fail2ban/jail.conf

enabled = true
bantime = 86400 ; one day


Match BLOCK events from ufw.

failregex = UFW BLOCK.* SRC=<HOST>

Helpful commands

Get information about a jail, including banned IPs and/or hostnames

# fail2ban-client status <JAIL>

Unban an IP address

# fail2ban set <JAIL> unbanip <IP>