The following is a very basic guide for setting up Fail2ban for SSH.
Install and basic config
Install Fail2ban
sudo dnf install fail2ban
You may need to install the EPEL repo
sudo yum install epel-release
Configure to run on system boot
sudo systemctl enable fail2ban
Start Fail2ban service
sudo systemctl start fail2ban
Copy config file with
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Modify the config file
sudo nano /etc/fail2ban/jail.local
Uncomment the following line and add any IPs that need to be whitelisted
ignoreip = 127.0.0.1/8 ::1 192.168.1.20
Save the file and restart Fail2Ban
sudo systemctl restart fail2ban
Configuring Fail2Ban for SSH
Create a new jail file in /etc/fail2ban/jail.d/ called sshd.local
sudo nano /etc/fail2ban/jail.d/sshd.local
Add the following. Note: if you are using a custom SSH port, change "port = ssh" to "port = portnumber"
[sshd]
enabled = true
port = ssh
action = iptables-multiport
logpath = /var/log/secure
maxretry = 5
bantime = 300
Restart Fail2ban
sudo systemctl restart fail2ban
You can list the firewall rules to verify that an IP gets banned.
sudo iptables -S | grep ipaddress
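To see which log lines would trip the jail configured above, the following added example (not part of the original guide and not Fail2ban's own code) models the guide's ignoreip, maxretry and bantime values over constructed /var/log/secure lines. The regex is a simplified stand-in for the sshd filter, and findtime = 600 is an assumption (Fail2ban's stock default), since the guide does not set it.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Values from the guide's jail; FINDTIME is an assumption (Fail2ban's stock default).
IGNOREIP = ["127.0.0.1/8", "::1", "192.168.1.20"]
MAXRETRY, BANTIME, FINDTIME = 5, 300, 600

# Simplified stand-in for the sshd filter, not Fail2ban's real failregex.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def is_ignored(ip):
    """True if ip falls inside any ignoreip entry (hosts or CIDR ranges)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in IGNOREIP)

def simulate(lines, year=2024):
    """Return [(ip, ban_start, ban_end)] for each ban the jail would issue."""
    failures, banned_until, bans = {}, {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if is_ignored(ip) or banned_until.get(ip, ts) > ts:
            continue  # whitelisted, or still inside an active ban
        # Count only failures that are still inside the findtime window.
        recent = [t for t in failures.get(ip, []) if (ts - t).total_seconds() <= FINDTIME]
        failures[ip] = recent + [ts]
        if len(failures[ip]) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            failures[ip] = []
    return bans

def sample_log():
    """Constructed /var/log/secure lines using documentation addresses."""
    fmt = "Mar 14 10:00:{:02d} host sshd[1234]: Failed password for root from {} port 22 ssh2"
    lines = [fmt.format(s, "203.0.113.7") for s in range(0, 50, 10)]    # 5 failures
    lines += [fmt.format(s, "192.168.1.20") for s in range(0, 60, 10)]  # whitelisted
    lines += [fmt.format(s, "198.51.100.9") for s in range(0, 40, 10)]  # only 4 failures
    return sorted(lines)

if __name__ == "__main__":
    for ip, start, end in simulate(sample_log()):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only the address with five failures is banned, and only for 300 seconds. The whitelisted 192.168.1.20 is never counted, which is why ignoreip entries should be kept to hosts you actually trust.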
Unbanning an IP Address
You can unban an IP address with the following command.
sudo fail2ban-client set sshd unbanip 192.168.1.100
You can check out the following link for more information