Daemon that scans logs and bans IPs with repeated authentication failures
- Stars18k
- Forks1.5k
- Open Issues265
Other
- Python
- Shell
- Perl
About Fail2Ban
Fail2Ban scans log files such as /var/log/auth.log and updates firewall rules to reject connections from IP addresses that trigger too many failed login attempts. It curbs repeated authentication abuse against services like sshd and Apache, with configurable ban times and log sources.
It reads standard system logs out of the box and can be pointed at any other logs and error patterns you define. Since v0.10 it can match IPv6 addresses. A fail2ban-client command manages and queries the running daemon, so jails can be reloaded, banned IPs unbanned, and status checked live.
It runs as a lightweight daemon on Linux, BSD, and macOS, packaged in most distributions. Ban filters and actions are fully customizable, letting you tune detection thresholds and choose how offenders are blocked across firewall back ends.
Key features
- Scans log files for repeated authentication errors
- Bans source IPs by updating firewall rules
- Configurable ban duration
- Reads standard logs such as sshd and Apache
- IPv6 address matching support
Details
- First released
- 2011
- Platforms
- Linux · macOS · BSD
- Deployment
- Self-hostable
- Language
- Python
- Interface
- CLI · daemon
- License
- GPL-2.0-or-later