Fail2ban is a powerful security tool that helps protect your server from unauthorized access and brute-force attacks by monitoring log files and banning IPs that show malicious signs.
✅ Status Controls
- Start: Activates Fail2ban monitoring(activated by default).
- Stop: Deactivates Fail2ban protection.
- Status: Displays whether Fail2ban is currently running.
Whitelist
IP addresses in the Whitelist are always allowed access and will never be banned by Fail2ban.
Use this section to ensure your trusted IPs (e.g., internal admin users) are never mistakenly blocked.
Settings
These settings control how Fail2ban detects and handles suspicious behavior:
- Ban Time: The duration (in seconds) that an IP address remains banned.
- Find Time: The time window (in seconds) in which failures are counted.
- Max Retries: The maximum number of failed login attempts allowed before banning an IP.
You can adjust these settings by clicking the pencil icon under the Edit column.
The Reset button is used to revert changes made
Blacklist
The Blacklist in Fail2ban shows the IP addresses that have been automatically banned based on the active monitoring rules and security settings.
Once the ban time expires, the IP is automatically removed unless it’s caught again.
In the Action column, clicking it will manually remove (unban) the IP from the blacklist before the ban time expires.