fail2ban Troubleshooting

Bans Not Triggering

This is due to either invalid regex filters, timezone differences in logs and fail2ban container, or database wonkiness.

Ensure regex filter is actually catching known bannable attempts.

fail2ban-regex /path/to/log.log /etc/fail2ban/filter.d/my-filter.conf

Note

If there are known lines that should be caught, these should appear in the output as matched.

Ensure regex filter is loaded properly.

fail2ban-client --dp

Note

This will show the loaded filters and jails. They should match your config.

Restart the service to reload if different.

Reset fail2ban state.

fail2ban-client unban --all
rm /var/lib/fail2ban/fail2ban.sqlite3

Note

Sometimes the DB gets in a weird state where actions are not triggered. This will reset fail2ban to a default state (including the database) and actions should be triggered again.