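[DEFAULT]
# Ban a host for 1 hour (bantime, in seconds) after it performs 3 failed
# login attempts (maxretry) within 10 minutes (findtime, in seconds).
bantime = 3600
findtime = 600
maxretry = 3

# Never ban the following space-separated IP addresses/masks.
# Keep this list as short as possible: an address listed here is never
# banned, no matter how many failed logins it produces.
ignoreip = 127.0.0.1/8

# Override /etc/fail2ban/jail.d/00-firewalld.conf
# to ensure that iptables will be used for firewall configuration
banaction = iptables-multiport

# Choose what to do when issuing a ban:
# %(action_)s    : [default]
#                  sets the OS firewall to reject all incoming calls
#                  from that IP address for the specified amount of time
# %(action_mw)s  : same as above + send an alert e-mail
# %(action_mwl)s : same as above + adds relevant log lines to the e-mail
#
# NOTE: fail2ban interpolation is written %(name)s. The form "$(name)s" is
# not expanded and would be read as a literal action name that does not exist.
action = %(action_)s

# Send fail2ban alerts & warnings to the following e-mail address.
# These settings only take effect with one of the e-mail actions above
# (action_mw / action_mwl); with action_ no e-mail is sent.
destemail = web@ryadel.com
sendername = Fail2Ban
mta = sendmail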
[sshd]
# Turn on the jail that watches the SSH daemon
enabled = true
Cascading rules
It’s worth noting that the jail.conf file can also be overridden by any .conf file present in the /etc/fail2ban/jail.d/ folder; similarly, the jail.local file we just added can also be overridden by any .local file present in that same folder. Here’s the cascading order (a setting in a file read later overrides the same setting from a file read earlier):
/etc/fail2ban/jail.conf
/etc/fail2ban/jail.d/*.conf (from first to last, sorted alphabetically)
/etc/fail2ban/jail.local
/etc/fail2ban/jail.d/*.local (from first to last, sorted alphabetically)
Regardless of how you choose to configure it, be sure to restart the Fail2ban service after you change any of these files: