Fail2ban

From NixOS Wiki
Revision as of 20:33, 9 August 2021 by imported>Noisypine (Created page with "Fail2ban is an intrusion prevention software. It scans through log files to find signs of malicious intent. In general, Fail2ban will update the firewall rules to reject the o...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Fail2ban is an intrusion prevention software. It scans through log files to find signs of malicious intent. In general, Fail2ban will update the firewall rules to reject the offending IP address for a set amount of time.

Basic Fail2ban Usage

This option will enable Fail2ban and use the default settings.

  services.fail2ban.enable = true;

Customization

The 'maxretry' option allows you to specify how many failures are required for an IP address to be blocked. To prevent being locked out accidentally, the 'ignoreIP' option can be used to prevent IP addresses and IP ranges from being blocked. In this example, common LAN IP address ranges and loopback IP address ranges are being ignored as well as the specific IP '8.8.8.8'.

  services.fail2ban = {
    enable = true;
    maxretry = 5;
    ignoreIP = [
      "127.0.0.0/8" 
      "10.0.0.0/8" 
      "172.16.0.0/12" 
      "192.168.0.0/16"
      "8.8.8.8"
    ];
  };