Fail2ban: Installation, Configuration, and Manual Ban/Unban

How to install and configure Fail2ban on Linux, and manually ban/unban IPs and check status.
June 17, 2026

Fail2ban: Installation, Configuration, and Manual Ban/Unban

Fail2ban is a security tool that monitors log files and, upon detecting malicious access patterns such as repeated login failures or port scans, automatically adds the offending IP to iptables or nftables firewall rules to block it.
It is most commonly used to protect against SSH brute-force attacks.

1. Install Fail2ban

Install Fail2ban
sh

2. Configure jail.local

Since jail.conf can be overwritten during updates, always create a separate jail.local for your configuration.
Create jail.local from default config
sh
Specify common settings in the [DEFAULT] section, and SSH-specific settings in the [sshd] section.
/etc/fail2ban/jail.local
sh

3. Start & Enable Service

Start and enable Fail2ban service
sh

4. Check Status

Check the full list of jails and the ban status of each.
Check all jail status
sh
Check the detailed status of a specific jail (including the list of banned IPs).
Check sshd jail status
sh

5. Manual Ban

Manually ban a specific IP immediately.
Manually ban an IP
sh

6. Manual Unban

Manually unban a banned IP.
Manually unban an IP
sh

7. Reload Configuration

After modifying jail.local, reload the configuration without restarting the service.
Reload Fail2ban configuration
sh

Command Summary

CommandDescription
fail2ban-client statusCheck full jail list
fail2ban-client status sshdCheck specific jail status and banned IP list
fail2ban-client set sshd banip <IP>Manually ban an IP
fail2ban-client set sshd unbanip <IP>Unban an IP
fail2ban-client reloadReload configuration
systemctl restart fail2banRestart the service
Jooojub
System S/W engineer
Explore Tags
Series
    Recent Post
    © 2026. jooojub. All right reserved.