Fail2ban is an intrusion prevention tool written in Python.
It scans the log files of various services and bans any IPs that are found to do undesirable things, brute force attacks, bad requests, script injection for example. It also updates the firewall rules to reject these ip addresses for a specified amount of time, perhaps for minutes or for days.
Most of the filters that Fail2ban comes with are specifically for Apache and other default Linux services. I like to use Nginx as my webserver and there wasn’t that much around to guide me on my way, so here is a github repo I’ve forked and then put together to store my own personal settings.
You only need concern yourself with two things:
In /etc/fail2ban/ you should have a jail.local file, this holds your own defaults and settings which won’t be wiped if jail.conf is updated.
In the [DEFAULT] section of this file you can add two things, one is a list of ignored ip addresses (separated by spaces), handy for developing, and the other is your email address if you want to receive email about bans.
[DEFAULT]
ignoreip = 127.0.0.1
findtime = 600
bantime = 900
maxretry = 3
destemail =
In /etc/fail2ban/filter.d are the filters that parse the log files Nginx creates. The Nginx specific ones are prefixed by nginx-*