This page assumes iptables is the firewall on the CentOS host. If it is not (for example if firewalld is active), the following changes slightly, in particular the ban action.
# If the fail2ban package is not available, first enable EPEL: yum install epel-release
yum install fail2ban
systemctl enable fail2ban
vim /etc/fail2ban/jail.local
A configuration file /etc/fail2ban/jail.conf exists. Do not modify it: a fail2ban package update would overwrite it. Local overrides go in /etc/fail2ban/jail.local (or in a file under /etc/fail2ban/jail.d/), which is read after jail.conf and takes precedence over it.
Put the following content into the file jail.local:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true
⇒ bans last one hour; iptables-multiport is the ban action (the banned IP is blocked on the ports configured for the jail, i.e. port = ssh for sshd; use iptables-allports if you want it blocked on every port); the sshd jail is enabled. The thresholds not set here keep the jail.conf defaults: maxretry = 5 failures within findtime = 600 seconds.
systemctl restart fail2ban
fail2ban-client status
[root@slave-server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 8
|  |- Total failed:     625
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 57
   |- Total banned:     57
   `- Banned IP list:   22.214.171.124 126.96.36.199 188.8.131.52 ...
Unbanning a blocked IP (this removes it from the jail and runs the unban action, so the iptables rule disappears too):
fail2ban-client set sshd unbanip 184.108.40.206
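As an added illustration, not part of the original page and not fail2ban's own code, the Python script below simulates what the sshd jail configured above does: a failure regex modelled loosely on fail2ban's sshd filter is run over constructed log lines, failures are counted per IP in a sliding findtime window, an IP that reaches maxretry failures is banned for bantime, and an unban mirrors `fail2ban-client set sshd unbanip`. The log lines and IP addresses are constructed (documentation ranges), timestamps are plain epoch seconds rather than syslog dates, and the values bantime = 3600, findtime = 600, maxretry = 5 are the jail.local setting plus the jail.conf defaults.

```python
import re
from collections import defaultdict, deque

# Simplified version of the sshd failregex; fail2ban's real filter lives in
# /etc/fail2ban/filter.d/sshd.conf and matches many more message variants.
FAILREGEX = re.compile(
    r"Failed password for (?:invalid user )?\S+ from "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log: (epoch seconds, message). Not taken from a real host.
SAMPLE_LOG = [
    # 203.0.113.10: five failures in 40 s -> banned at t=40 (assumption: 5th try trips the ban)
    (0,  "Failed password for root from 203.0.113.10 port 51234 ssh2"),
    (10, "Failed password for root from 203.0.113.10 port 51235 ssh2"),
    (20, "Failed password for root from 203.0.113.10 port 51236 ssh2"),
    (30, "Failed password for invalid user admin from 203.0.113.10 port 51237 ssh2"),
    (40, "Failed password for invalid user admin from 203.0.113.10 port 51238 ssh2"),
    (50, "Failed password for root from 203.0.113.10 port 51239 ssh2"),  # already banned
    # 203.0.113.20: only four failures -> never reaches maxretry
    (100, "Failed password for invalid user test from 203.0.113.20 port 40022 ssh2"),
    (110, "Failed password for invalid user test from 203.0.113.20 port 40023 ssh2"),
    (120, "Failed password for invalid user test from 203.0.113.20 port 40024 ssh2"),
    (130, "Failed password for invalid user test from 203.0.113.20 port 40025 ssh2"),
    # 203.0.113.30: slow brute force, one attempt every 200 s -> never 5 within 600 s
    (0,    "Failed password for root from 203.0.113.30 port 60001 ssh2"),
    (200,  "Failed password for root from 203.0.113.30 port 60002 ssh2"),
    (400,  "Failed password for root from 203.0.113.30 port 60003 ssh2"),
    (600,  "Failed password for root from 203.0.113.30 port 60004 ssh2"),
    (800,  "Failed password for root from 203.0.113.30 port 60005 ssh2"),
    (1000, "Failed password for root from 203.0.113.30 port 60006 ssh2"),
    # unrelated line that must not match
    (5, "Accepted publickey for deploy from 198.51.100.7 port 50000 ssh2"),
]


class Jail:
    """Minimal model of one fail2ban jail (sliding findtime window, timed bans)."""

    def __init__(self, bantime=3600, findtime=600, maxretry=5):
        self.bantime = bantime
        self.findtime = findtime
        self.maxretry = maxretry
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.bans = {}                      # ip -> epoch second at which the ban expires

    def observe(self, ts, line):
        """Feed one log line; return the IP if this line triggered a ban, else None."""
        m = FAILREGEX.search(line)
        if not m:
            return None
        ip = m.group("host")
        if ip in self.bans and self.bans[ip] > ts:
            return None  # still banned, nothing more to do
        window = self.failures[ip]
        window.append(ts)
        # Drop failures older than findtime so only a burst within the window counts.
        while window and window[0] < ts - self.findtime:
            window.popleft()
        if len(window) >= self.maxretry:
            self.bans[ip] = ts + self.bantime
            window.clear()
            return ip
        return None

    def banned(self, ts):
        """IPs banned at time ts; expired bans are dropped like fail2ban's unban timer does."""
        for ip, until in list(self.bans.items()):
            if until <= ts:
                del self.bans[ip]
        return set(self.bans)

    def unban(self, ip):
        """Equivalent of `fail2ban-client set sshd unbanip <ip>`; True if the IP was banned."""
        return self.bans.pop(ip, None) is not None


def run_sample(jail=None):
    """Replay SAMPLE_LOG in time order; return the jail and the list of (ts, ip) ban events."""
    jail = jail or Jail(bantime=3600, findtime=600, maxretry=5)
    events = []
    for ts, line in sorted(SAMPLE_LOG):
        ip = jail.observe(ts, line)
        if ip:
            events.append((ts, ip))
    return jail, events


if __name__ == "__main__":
    jail, events = run_sample()
    print("ban events:", events)
    print("banned at t=1000:", jail.banned(1000))
    print("banned at t=3640:", jail.banned(3640))
```

The slow attacker (203.0.113.30) is the point worth noticing: one attempt every 200 seconds never accumulates five failures inside a 600 second window, so the default findtime lets it run indefinitely; raise findtime (or lower maxretry) in jail.local if that matters on your host. To check the real filter against real logs, use `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf` rather than this model.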