Since fail2ban version 0.10, IPv6 is supported. I used fail2ban in conjunction with ufw. I found that only IPv4 addresses are blocked. This is unfavorable.
Failed to execute ban jail 'nginx-noscript' action 'ufw' info 'ActionInfo({'ip': '2400:xx:xx:xx::xx', 'family': 'inet6', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fbe026ee820>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fbe026eeee0>})': Error banning '2400:xx:xx:xx::xx'
According to the fail2ban changelog, not all banactions have been extended to IPv6 yet. Does anyone know a reliable way to get fail2ban to block IPv4 and IPv6?
I wouldn't worry too much about it. I'm seeing virtually no malicious traffic on IPv6 that would trigger fail2ban anyway, over a variety of public hosts. All the banactions will eventually get IPv6 support, but if you know any Python you can consider helping by adding the missing support yourself and submitting patches.
That said, the most performant banaction you can use with ufw is iptables-ipset-*, and using the IPv6 version of these banactions will apply to both IPv6 and IPv4.
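An added example, not part of the original posts: a short Python script that scans fail2ban log lines for the "Failed to execute ban" error quoted in the question and lists, per jail and action, the IPv6 addresses that were left unbanned. The log lines are constructed samples, and the function names are this example's own.

```python
import re

# Matches the error fail2ban logs when a ban action fails, in the field
# order shown in the question ('ip' first, then 'family').
FAILED_BAN = re.compile(
    r"Failed to execute ban jail '(?P<jail>[^']+)' action '(?P<action>[^']+)'"
    r".*?'ip': '(?P<ip>[^']+)'.*?'family': '(?P<family>inet6?)'"
)

# Constructed sample log lines: timestamps and PIDs are made up, addresses come
# from the documentation ranges 2001:db8::/32 and 192.0.2.0/24.
SAMPLE_LOG = """\
2021-03-01 10:00:01,100 fail2ban.actions [911]: NOTICE [nginx-noscript] Ban 192.0.2.10
2021-03-01 10:02:13,412 fail2ban.actions [911]: ERROR Failed to execute ban jail 'nginx-noscript' action 'ufw' info 'ActionInfo({'ip': '2001:db8::1', 'family': 'inet6', 'fid': <function>})': Error banning '2001:db8::1'
2021-03-01 10:12:13,900 fail2ban.actions [911]: ERROR Failed to execute ban jail 'nginx-noscript' action 'ufw' info 'ActionInfo({'ip': '2001:db8::1', 'family': 'inet6', 'fid': <function>})': Error banning '2001:db8::1'
2021-03-01 10:15:40,007 fail2ban.actions [911]: ERROR Failed to execute ban jail 'sshd' action 'ufw' info 'ActionInfo({'ip': '2001:db8::2', 'family': 'inet6', 'fid': <function>})': Error banning '2001:db8::2'
2021-03-01 10:20:02,555 fail2ban.actions [911]: ERROR Failed to execute ban jail 'sshd' action 'ufw' info 'ActionInfo({'ip': '192.0.2.77', 'family': 'inet', 'fid': <function>})': Error banning '192.0.2.77'
"""


def failed_bans(lines):
    """Yield (jail, action, family, ip) for every failed ban in the log lines."""
    for line in lines:
        m = FAILED_BAN.search(line)
        if m:
            yield m["jail"], m["action"], m["family"], m["ip"]


def ipv6_gaps(lines):
    """Map (jail, action) to the sorted IPv6 addresses whose ban failed.

    IPv4 failures are ignored: they point at a different problem than a
    banaction that lacks IPv6 support.
    """
    gaps = {}
    for jail, action, family, ip in failed_bans(lines):
        if family == "inet6":
            gaps.setdefault((jail, action), set()).add(ip)
    return {pair: sorted(ips) for pair, ips in gaps.items()}


if __name__ == "__main__":
    for (jail, action), ips in ipv6_gaps(SAMPLE_LOG.splitlines()).items():
        print(f"jail={jail} action={action} unbanned IPv6: {', '.join(ips)}")
```

To run it against a real log, pass the open log file to `ipv6_gaps` instead of the sample lines.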