My Wiki!

Set up fail2ban to mitigate DDoS

Installation

  sudo apt-get install fail2ban
  sudo systemctl start fail2ban
  sudo systemctl enable fail2ban

Config:

  sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  sudo vim /etc/fail2ban/jail.local

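  [DEFAULT]
  # Addresses that are never banned (space-separated, CIDR allowed)
  ignoreip = 127.0.0.1/8 192.168.18.10/32
  # How long a ban lasts
  bantime = 10d
  # Number of failures within findtime that triggers a ban
  maxretry = 2
  # Window, in seconds, in which failures are counted
  findtime = 600

  [sshd]
  enabled = true
  port = ssh
  filter = sshd
  logpath = /var/log/auth.log
  # Overrides the [DEFAULT] maxretry for this jail
  maxretry = 3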

  sudo systemctl restart fail2ban.service
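
How ignoreip, maxretry and findtime from the jail.local above interact, as a simplified model run over sample log lines. This is an added example, not part of the original page and not fail2ban's own code; the regex, the function names, the host name "srv" and the log lines are assumptions constructed for illustration, and bantime expiry is not modelled.

```python
import ipaddress, re
from collections import defaultdict, deque
from datetime import datetime

# Values from the jail.local above; [sshd] maxretry overrides [DEFAULT].
IGNOREIP = ["127.0.0.1/8", "192.168.18.10/32"]
MAXRETRY, FINDTIME = 3, 600   # failures, seconds

# Simplified stand-in for the sshd filter (assumption: one pattern only).
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def is_ignored(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in IGNOREIP)

def simulate(lines, year=2024):
    """Return {ip: ban time} for auth.log lines in chronological order."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned or is_ignored(ip):
            continue
        window = recent[ip]
        window.append(ts)
        # Forget failures older than findtime relative to the newest one.
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[ip] = ts
    return banned

def fail_line(t, ip, user="root"):
    return f"Mar 10 {t} srv sshd[1201]: Failed password for {user} from {ip} port 40022 ssh2"
# Constructed sample log (documentation addresses plus the page's ignoreip host).
SAMPLE = [
    fail_line("10:00:00", "198.51.100.20"), fail_line("10:00:01", "203.0.113.7"),
    fail_line("10:00:02", "192.168.18.10"), fail_line("10:00:03", "192.168.18.10"),
    fail_line("10:00:04", "192.168.18.10"), fail_line("10:00:05", "203.0.113.7", "invalid user admin"),
    fail_line("10:00:09", "203.0.113.7"), fail_line("10:06:00", "198.51.100.20"),
    fail_line("10:12:00", "198.51.100.20"),
]

if __name__ == "__main__":
    print({ip: f"{t:%H:%M:%S}" for ip, t in simulate(SAMPLE).items()})
```

Only 203.0.113.7 is banned: 192.168.18.10 is exempt through ignoreip, and the three failures from 198.51.100.20 never fall inside one 600-second window, which is the trade-off to weigh when choosing findtime. To check the real sshd filter against the real log, fail2ban ships the fail2ban-regex tool.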

See status:

  cat /var/log/fail2ban.log
  sudo fail2ban-client status 
  sudo fail2ban-client status sshd
  
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     3
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   61.177.172.145

Unban IP

  sudo fail2ban-client set sshd unbanip 192.168.43.35
  
  
