For Debian 12
-
sudo apt install fail2ban
-
sudo systemctl start fail2ban
-
sudo systemctl enable fail2ban
-
Need to set configuration
-
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local -
Search for the
[sshd] section (there are 2. Use the last one)[sshd] backend = systemd enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3 -
Then
sudo systemctl restart fail2ban -
sudo systemctl status fail2ban
-
-
To check iptables rules added by fail2ban
- iptables -L f2b-sshd -v -n –line-numbers
-
Check the jail status
-
sudo fail2ban-client status sshd
-
Reference: