How do I ban an attacker IP with Fail2Ban manually by command line?
You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:
ufw insert 1 deny from <ip> to any
But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The important part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any
This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.
fail2ban-client set jail_name banip xx.xx.xx.xx
fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ
Check which jail to add the IP to using fail2ban-client status
Both commands may need to be executed as a sudoer. In this case, add sudo before them.
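The manual-ban steps from the answers above (look up the jail with fail2ban-client status, then run set JAIL banip), wrapped in a pre-flight check. This is an added example, not part of any answer on this page. The helper names and the sample status text are assumptions, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example; helper names (list_jails, valid_ipv4, ban_command) are hypothetical.

# Constructed sample of `fail2ban-client status` output (jail names invented).
SAMPLE_STATUS='Status
|- Number of jail:   2
`- Jail list:   sshd, nginx-http-auth'

# Print the jail names found in `fail2ban-client status` output, one per line.
list_jails() {
    printf '%s\n' "$1" |
        sed -n 's/.*Jail list:[[:space:]]*//p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# The body runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;   # empty, stray chars, empty octet
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in 0?*|????*) exit 1 ;; esac   # leading zero or too long
        [ "$octet" -le 255 ] || exit 1
    done
)

# Print the ban command for jail $1 and IP $2, but only if the IP is well
# formed and the jail appears in the status text passed as $3.
ban_command() {
    if ! valid_ipv4 "$2"; then
        echo "refusing: '$2' is not a valid IPv4 address" >&2; return 2
    fi
    if ! list_jails "$3" | grep -qxF -- "$1"; then
        echo "refusing: no jail named '$1'" >&2; return 3
    fi
    printf 'fail2ban-client set %s banip %s\n' "$1" "$2"
}

# Live use: ban_command sshd 203.0.113.7 "$(sudo fail2ban-client status)"
```

The function only prints the command, so a mistyped jail or address is caught before anything reaches the firewall; run the printed line with sudo once it looks right.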