Will running both fail2ban and ufw cause problems? I noticed that fail2ban modifies iptables rules, but ufw already has a ton of iptables rules defined... so I'm not sure if fail2ban will mess these up.
You can use ufw and fail2ban together, but as indicated earlier, the order of (ufw) rules is what is important.
Out of the box, fail2ban uses iptables and inserts rules first in the INPUT chain. This will not do any harm or conflict with ufw.
If you wish to fully integrate fail2ban with ufw (rather than iptables), you will need to edit a number of files, including
jail.local is where you define your services, including what port they are listening on (think changing ssh to a non-default port) and what action to take.
**Please note**: Never ever edit jail.conf; your changes should be made in jail.local! That file begins with this:
Using ssh as an example, note the definition of a non-default port as well =)
You then configure fail2ban to use ufw in (one .conf file for each service)
The syntax is
Note: You configure fail2ban to use ufw and to insert new rules FIRST using the "insert 1" syntax. The delete will find the rule regardless of order.
There is a nice blog post that goes into more detail here
http://blog.vigilcode.com/2011/05/ufw-with-fail2ban-quick-secure-setup-part-ii/
[EDIT] For Ubuntu 16.04+, by default a "defaults-debian.conf" in /etc/fail2ban/jail.d will, with its default content, activate the ssh protection of fail2ban. You need to set it to false.
Then create a jail.local like you would do in general, mine would be like this:
There is already a ufw.conf in the fail2ban default installation so no need to create one.
The only specific change for your jail.local would be at the action line, where you need to put the application concerned for the protection and the result you want.
ufw tends to detect automatically a certain number of apps using the network. To see the list just type `sudo ufw app list`. It's case-sensitive. Reload fail2ban and you'll no longer see the fail2ban chain, and if any IP gets blocked you'll see it in `sudo ufw status`.
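The answer above describes two files (a jail.local that selects the ufw action, and action.d/ufw.conf) whose contents did not survive on this page. The script below is an added example, not code from the answer or from the fail2ban project: it writes a sample of each into a scratch directory you name, so they can be reviewed and diffed against the files fail2ban installed before anything is copied to /etc/fail2ban, and it renders the ufw command fail2ban would issue for a ban and an unban, so the "insert 1" versus plain "delete" behaviour can be seen without touching the live firewall. The action template is my recollection of the ufw.conf shipped with fail2ban 0.9.x and is an assumption; the jail values (port, bantime, maxretry) are likewise illustrative.

```shell
#!/bin/sh
# Added example (not from the original answers or from fail2ban itself).
# write_sample_configs DIR  -> writes DIR/jail.local and DIR/action.d/ufw.conf
# render_action ban|unban IP [APPLICATION] [BLOCKTYPE]
#                           -> prints the ufw command the template expands to

write_sample_configs() {
    dir=$1
    mkdir -p "$dir/action.d"
    # banaction = ufw makes every jail drive ufw instead of creating its own
    # f2b-* iptables chain. application= must be a profile name from
    # `ufw app list` (case-sensitive). The OpenSSH profile only covers
    # 22/tcp: if sshd listens elsewhere, add your own profile under
    # /etc/ufw/applications.d or leave application empty so the ban applies
    # to every port ("from <ip> to any").
    cat > "$dir/jail.local" <<'EOF'
[DEFAULT]
banaction = ufw

[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 5
bantime  = 3600
action   = ufw[application=OpenSSH, blocktype=reject]
EOF
    # Assumed reconstruction of fail2ban 0.9.x action.d/ufw.conf.
    cat > "$dir/action.d/ufw.conf" <<'EOF'
[Definition]
actionstart =
actionstop =
actioncheck =
# Insert at position 1 so the ban is evaluated before any "allow" rule.
actionban = [ -n "<application>" ] && app="app <application>"
            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
# ufw matches the rule by its content, so no position is needed to delete it.
actionunban = [ -n "<application>" ] && app="app <application>"
            ufw delete <blocktype> from <ip> to <destination> $app

[Init]
insertpos = 1
blocktype = reject
destination = any
application =
EOF
}

# Apply the template's <tag> substitution by hand for one IP. This is a
# dry run: it prints the command instead of executing it.
render_action() {
    op=$1; ip=$2; application=${3:-}; blocktype=${4:-reject}
    app=""
    if [ -n "$application" ]; then
        app=" app $application"
    fi
    case $op in
        ban)   printf 'ufw insert 1 %s from %s to any%s\n' "$blocktype" "$ip" "$app" ;;
        unban) printf 'ufw delete %s from %s to any%s\n' "$blocktype" "$ip" "$app" ;;
        *)     echo "usage: render_action ban|unban IP [APPLICATION] [BLOCKTYPE]" >&2; return 2 ;;
    esac
}

# Demo when run with a scratch directory as the first argument, e.g.
#   sh this.sh /tmp/f2b-review
if [ -n "${1:-}" ]; then
    write_sample_configs "$1" && echo "wrote $1/jail.local and $1/action.d/ufw.conf"
    render_action ban   203.0.113.7 OpenSSH   # constructed sample address
    render_action unban 203.0.113.7 OpenSSH
fi
```

Once the files are in place, `sudo fail2ban-client -d` dumps the configuration fail2ban actually loaded, which is the quickest way to confirm the sshd jail picked up the ufw action rather than the iptables default.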
Installing 0.9.5 of fail2ban included a ufw action which I simply had to set for the banaction
I have been using fail2ban and ufw for years on a couple of different computers, and never had any problems. To set up fail2ban:
Now edit the file as you wish, for example if you want to block unauthorized ssh find the lines:
if "enabled" is set to "false", change it to "true" as noted here. After you set the rules you need to restart the fail2ban process:
If you've opened port 22 on your ufw firewall, fail2ban will ban the clients that try to connect more than 6 times without success; it will not break your firewall.
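This answer says the default setup will not break the firewall; the first answer gives the reason, namely that fail2ban inserts its jump at the top of the INPUT chain, ahead of the ufw-* chains, so a banned address is rejected before ufw's allow rules are reached. The script below is an added example, not code from either answer: it checks that ordering in the output of `iptables -S` and lists the addresses currently banned in fail2ban's own chains. Both the f2b-* chain names (fail2ban 0.9+) and the older fail2ban-* names are recognised. The sample rule listings are constructed for the demo; on a live host pipe `sudo iptables -S` into the functions instead.

```shell
#!/bin/sh
# Added example (not from the original answers). Source this file, then:
#   sudo iptables -S | check_order
#   sudo iptables -S | list_bans

# Exit 0 and print "ok: ..." when every jump from INPUT into a fail2ban chain
# comes before the first jump into a ufw chain; exit 1 with a WARNING when a
# ufw chain is consulted first (fail2ban's ban can then be shadowed by a ufw
# allow rule); exit 2/3 when one of the two is not wired into INPUT at all.
check_order() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            pos++                       # rule position = evaluation order
            for (i = 3; i <= NF; i++)
                if ($i == "-j") {
                    t = $(i + 1)
                    if (t ~ /^(f2b|fail2ban)-/) { if (!first_f2b) first_f2b = pos; last_f2b = pos }
                    if (t ~ /^ufw-/ && !first_ufw) first_ufw = pos
                }
        }
        END {
            if (!last_f2b)  { print "no fail2ban chain is jumped to from INPUT"; exit 2 }
            if (!first_ufw) { print "no ufw chain is jumped to from INPUT"; exit 3 }
            if (last_f2b < first_ufw) {
                print "ok: fail2ban rules at " first_f2b "-" last_f2b ", ufw starts at " first_ufw
                exit 0
            }
            print "WARNING: ufw rule at " first_ufw " precedes fail2ban rule at " last_f2b
            exit 1
        }'
}

# Print the source address of every ban rule in a fail2ban chain, one per
# line, without the /32 suffix iptables prints.
list_bans() {
    awk '$1 == "-A" && $2 ~ /^(f2b|fail2ban)-/ && $3 == "-s" { split($4, a, "/"); print a[1] }'
}

# Constructed sample: an Ubuntu host with ufw enabled and a fail2ban sshd
# jail in default iptables mode that has banned one (documentation) address.
SAMPLE_GOOD='-P INPUT DROP
-N f2b-sshd
-N ufw-before-input
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# Constructed counter-example: the fail2ban jump appended (-A) after ufw's
# chains instead of inserted (-I) at the top, so a ufw "allow 22" would win.
SAMPLE_BAD='-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-reject-input
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd'

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_GOOD" | check_order
    printf '%s\n' "$SAMPLE_GOOD" | list_bans
    printf '%s\n' "$SAMPLE_BAD"  | check_order || true
fi
```

If the check reports a WARNING on a live host, the usual cause is a fail2ban action that appends instead of inserts, or a firewall reload that re-ordered INPUT after fail2ban started; restarting fail2ban re-inserts its jump at the top.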