Fail2ban
Fail2ban is an open-source intrusion prevention tool for Unix-like systems. It monitors log files for failed login attempts and other suspicious patterns, and automatically blocks offending hosts by updating firewall rules. The project is written in Python and relies on regular expressions to extract IP addresses from log messages.
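The log-matching step described above, as an added example that is not Fail2ban's own code: a regular expression pulls the source address out of sshd failure lines, and a sliding window decides when a host has failed often enough to be blocked. The log lines are constructed, find_bans is a hypothetical helper, and maxretry and findtime borrow the names of Fail2ban's jail options (not mentioned on this page) with values chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    "Jan 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "Jan 10 03:14:05 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2",
    "Jan 10 03:14:09 host sshd[812]: Accepted password for alice from 198.51.100.4 port 51000 ssh2",
    "Jan 10 03:14:12 host sshd[813]: Failed password for root from 203.0.113.7 port 40041 ssh2",
    "Jan 10 03:20:00 host sshd[814]: Failed password for bob from 198.51.100.9 port 52000 ssh2",
    "Jan 10 03:45:00 host sshd[815]: Failed password for bob from 198.51.100.9 port 52010 ssh2",
    "Jan 10 04:30:00 host sshd[816]: Failed password for bob from 198.51.100.9 port 52020 ssh2",
]

# Fail2ban filters mark the address position with <HOST>. Here the tag is
# expanded to a simplified IPv4-only group (assumption: the real expansion is
# broader). The pattern is anchored at both ends so the address is read only
# from the position where sshd writes it.
FAILREGEX = (r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
             r"Failed password for .* from <HOST> port \d+ ssh2$")
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; constructed value


def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    bans = {}
    for line in lines:
        m = PATTERN.match(line)
        if not m or m["host"] in bans:
            continue  # not a failure line, or the host is already blocked
        when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(when)
        # Drop failures that have aged out of the sliding findtime window.
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[m["host"]] = when
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when:%H:%M:%S})")
```

The second failing host is never blocked because its three failures are spread over more than an hour, so no findtime window ever holds maxretry of them.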
Key concepts include jails, filters, and actions. A jail connects a log source (such as sshd or
Fail2ban uses backends for blocking. The most common is iptables or nftables, but it can couple with
Typical usage includes protecting services like sshd, Apache authentication, vsftpd, and generic TCP services. Logs are
Overall, fail2ban provides a configurable, lightweight layer of protection against brute-force attacks by dynamically blocking abusive