We can confirm that fail2ban is banning traffic on the correct ports with a command like this:
iptables -nvL INPUT | awk '!($1+0) || /f2b-/'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
77182 11M f2b-sshd 6 -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22,63xxx
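The same check can be scripted so it fails loudly when a jail stops covering a port. This is an added example, not code from the original post: the function names are hypothetical, and the sample output is constructed, with port 2222 standing in for a second SSH port.

```shell
#!/bin/sh
# Check that the INPUT-chain jump to a fail2ban jail covers the expected ports.

# Constructed sample of `iptables -nvL INPUT` output (port 2222 is a placeholder).
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source      destination
77182   11M f2b-sshd   6    --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 22,2222
  120  9600 ACCEPT     0    --  lo  *    0.0.0.0/0   0.0.0.0/0'

# f2b_rule_ports JAIL: read `iptables -nvL INPUT` text on stdin and print the
# destination ports (one per line) matched by the jump to chain f2b-JAIL.
f2b_rule_ports() {
    awk -v chain="f2b-$1" '
        $3 == chain {
            for (i = 4; i <= NF; i++) {
                # multiport form: "multiport dports 22,2222"
                if ($i == "dports") {
                    n = split($(i + 1), p, ",")
                    for (j = 1; j <= n; j++) print p[j]
                }
                # single-port form: "dpt:22"
                if ($i ~ /^dpt:/) print substr($i, 5)
            }
        }'
}

# f2b_ports_covered JAIL PORT...: read the same text on stdin; return 0 only if
# every numeric PORT is covered by the jail rule, naming missing ones on stderr.
f2b_ports_covered() {
    jail=$1; shift
    have=$(f2b_rule_ports "$jail")
    missing=0
    for want in "$@"; do
        covered=0
        for got in $have; do
            lo=${got%%:*}; hi=${got##*:}   # "6000:6010" is a range; "22" gives lo=hi=22
            if [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ]; then covered=1; fi
        done
        if [ "$covered" -eq 0 ]; then
            echo "f2b-$jail does not cover port $want" >&2
            missing=1
        fi
    done
    return "$missing"
}
```

On a live host, run it as root with `iptables -nvL INPUT | f2b_ports_covered sshd 22 <your other port>`. A missing jail chain is reported the same way as a missing port.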
Now let's look at your fail2ban.conf, which can be overridden with fail2ban.local or by adding sections to fail2ban.d/:
To allow the bans to be managed this long, I've increased dbpurgeage=2462400 (four weeks and 12 hours).
I also have used a slightly different rule action that bans a host entirely, not just against specific ports such as 22 or 63xxx. But that's for a different day.