====== Ubuntu - Fail2Ban - Configure Fail2Ban ======

===== Default fail2ban Configuration =====

The default configuration is defined in **/etc/fail2ban/jail.conf**.

Here are salient lines from the default configuration:

<file bash /etc/fail2ban/jail.conf>
# line 87 : ignore your own local IP
#ignoreself = true

# line 92 : possible to add ignored networks
#ignoreip = 127.0.0.1/8 ::1

# line 101 : number of seconds that a host is banned
# - 1m ⇒ 1 minutes
# - 1h ⇒ 1 houer
# - 1d ⇒ 1 day
# - 1mo ⇒ 1 month
# - 1y ⇒ 1 year
bantime  = 10m

# line 105 : A host is banned if it has generated "maxretry" during the last "findtime"
findtime  = 10m

# line 108 : "maxretry" is the number of failures before a host get banned
maxretry = 5

# line 178 : destination email address if enabling email notification
destemail = root@localhost

# line 181 : sender address if enabling email notification
sender = root@<fq-hostname>

# line 263 : default action
# - %(action_)s ⇒ ban only
# - %(action_mw)s ⇒ band and email notification (includes Whois info)
# - %(action_mwl)s ⇒ band and email notification (includes Whois info and logs)
action = %(action_)s
</file>

<WRAP important>
**WARNING:** The default values ​​may change with package updates, so if you want to change the settings, create a **jail.local** file and modify it.
</WRAP>

----

===== Override the default values =====

As root, create a **/etc/fail2ban/jail.local** file.

<file bash /etc/fail2ban/jail.local>
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime  = 1d
findtime  = 5m
maxretry = 5
destemail = root@localhost
sender = root@mediaserver
</file>

----

===== Restart Fail2Ban =====

<code bash>
sudo systemctl restart fail2ban
</code>

----