More on the iptables part. I ought to look at nftables I suppose
Chris Davies

We can confirm that fail2ban is banning traffic on the correct ports with a command like this (if you see nothing where I've got multiport… then it's considering all ports):

Clarity

We can confirm that fail2ban is banning traffic on the correct ports with a command like this:

iptables -nvL INPUT | awk '!($1+0) || /f2b-/'

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
77182   11M f2b-sshd   6    --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,63xxx    

Now let's look at your fail2ban.conf, which can be overridden with fail2ban.local or by adding sections to fail2ban.d/:

To allow the bans to be managed this long, I've increased dbpurgeage=2462400 (four weeks and 12 hours).

I also have used a slightly different rule action that bans a host entirely, not just against specific ports such as 22 or 63xxx. But that's for a different day.

Qualification about iptables

The only gotcha is the throwaway comment, "I changed my ssh port to 63xxx". You need to tell fail2ban you've done this!!

[sshd]
enabled = true
port    = ssh,63xxx
logpath = %(sshd_log)s
backend = %(sshd_backend)s

Now let's look at your fail2ban.conf, which can be overridden with fail2ban.local or by adding sections to fail2ban.d/:
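As an added check that is not part of Chris Davies' answer: a small POSIX shell helper that parses the same iptables -nvL INPUT listing and confirms that the f2b- jump rule covers every port sshd actually listens on, treating a jump with no multiport match as covering all ports, as the answer notes. The listing embedded below is constructed sample data, and 63000 is a stand-in for the answer's elided 63xxx port; on a live host you would pipe the real iptables output into f2b_covers instead.

```shell
#!/bin/sh
# Added example, not the original answer's code: verify that fail2ban's
# jump rule in the INPUT chain covers the ports sshd listens on.

# Constructed sample of `iptables -nvL INPUT` output (63000 is a stand-in
# for the answer's 63xxx; f2b-recidive has no multiport match, i.e. all ports).
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
77182   11M f2b-sshd   6    --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,63000
    0     0 f2b-recidive  0    --  *      *       0.0.0.0/0            0.0.0.0/0'

# f2b_ports CHAIN: read iptables -nvL output on stdin and print the
# comma-separated dports of the jump into CHAIN, or "all" when the jump
# has no dport/dports match. Prints nothing if there is no such jump.
f2b_ports() {
    awk -v chain="$1" '
        $3 == chain {
            ports = "all"
            for (i = 1; i <= NF; i++)
                if ($i == "dports" || $i == "dport") ports = $(i + 1)
            print ports
            exit
        }'
}

# f2b_covers CHAIN PORT...: read iptables -nvL output on stdin and return 0
# when every PORT is covered by the jump into CHAIN, either because it is
# listed explicitly or because the jump applies to all ports.
f2b_covers() {
    chain=$1; shift
    covered=$(f2b_ports "$chain")
    [ -n "$covered" ] || { echo "no jump to $chain in INPUT" >&2; return 1; }
    [ "$covered" = "all" ] && return 0
    for p in "$@"; do
        case ",$covered," in
            *",$p,"*) ;;
            *) echo "port $p is not covered by $chain (rule has $covered)" >&2; return 1 ;;
        esac
    done
    return 0
}

# Live usage would be:  iptables -nvL INPUT | f2b_covers f2b-sshd 22 63000
printf '%s\n' "$SAMPLE_IPTABLES" | f2b_covers f2b-sshd 22 63000 \
    && echo "f2b-sshd covers ports 22 and 63000"
```

The port list to check against should come from sshd's own configuration (the Port lines in sshd_config), so that a port added to sshd but not to the jail's port = line is caught before the next brute-force run rather than after.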