Setting up fail2ban

Fail2ban monitors log files and bans IPs that show malicious behavior. It's essential for any internet-facing server, especially for protecting SSH.

To check which jails are currently active:

fail2ban-client status

This lists all enabled jails. For most servers, you'll at least have the sshd jail active.

To see detailed status for a specific jail like sshd:

fail2ban-client status sshd

This shows the number of currently banned IPs, total banned count, and the actual list of banned addresses.

To quickly see all banned IPs across all jails:

fail2ban-client banned

Once configured, fail2ban runs quietly in the background, automatically banning IPs after repeated failed authentication attempts. Check the status periodically to see how much malicious traffic your server is blocking.