Fail2ban on Linux: Protect Your Server from Brute-Force Attacks

hydn · May 28, 2026, 5:53am

Read the full article: Fail2ban on Linux: Protect Your Server from Brute-Force Attacks

Fail2ban watches your log files and automatically bans IPs that repeatedly fail authentication, protecting your Linux server from brute-force attacks on SSH, web servers, and more. This guide covers installation, jail configuration, testing, and practical tuning to get real protection instead of just running defaults. continue reading.

hydn · May 29, 2026, 8:26pm

Another tip:

Cloudflare + Fail2ban combo - If the server sits behind Cloudflare, logpath IPs will all be Cloudflare’s ranges unless you restore the original visitor IP (via mod_remoteip for Apache or real_ip_module for Nginx).

You can then connect via Cloudflare API to also pass banned IPs to your Cloudflare block list:

github.com/fail2ban/fail2ban

config/action.d/cloudflare.conf

master

#
# Author: Mike Rushton
#
# IMPORTANT
#
# Please set jail.local's permission to 640 because it contains your CF API key.
#
# This action depends on curl (and optionally jq).
# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
#
# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account
#
# CloudFlare API error codes: https://www.cloudflare.com/docs/host-api.html#s4.2

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#

This file has been truncated. show original

IronRod · May 30, 2026, 3:48am

Definitely. I use fail2ban on my servers.

hydn · May 30, 2026, 6:37pm

Yes indeed. It is really helpful. There’s the approach for example where we admins can move or close ports, or, we can run things on the popular ports like port 22 and permanently block offenders. I think the latter is arguably better to block as soon as mal intent is detected than trying to evade. Of course nothing is absolute, and both approaches need to be balanced out, but in general, I prefer that more aggressive posture.

That approach is used here for our forums as well, not just fail2ban but also with Cloudflare’s WAF. More aggressive filtering to keep the noise down, save bandwidth, have much easier to read logs and less false positive blocks.

Topic		Replies	Views
SSH Security: Protecting Your Linux Server from Threats Security & Privacy ssh , cybersecurity , system-security	10	679	April 14, 2025
Fail2ban-ui: Fail2Ban UI is a swissmade web interface Showcase firewall , ssh , system-security	1	58	May 28, 2026
Recommended Cloudflare Performance and Security Settings (Guide) Server & Sysadmin cloud-hosting , cdn , network-security	4	797	December 22, 2023
Generating Secure Passwords for your Linux Server Security & Privacy web-server , system-security , server	4	369	March 25, 2025
How to block outgoing ports? Help & Support firewall , network	3	240	March 2, 2026

Fail2ban on Linux: Protect Your Server from Brute-Force Attacks

Related topics