fail2ban Troubleshooting
Bans Not Triggering
This is due to either invalid regex filters, timezone differences in logs and
fail2ban
container, or database wonkiness.
Ensure regex filter is actually catching known bannable attempts.
fail2ban-regex /path/to/log.log /etc/fail2ban/filter.d/my-filter.conf
Note
If there are known lines that should be caught, these should appear in the
output as matched
.
Ensure regex filter is loaded properly.
fail2ban-client --dp
Note
This will show the loaded filters and jails. They should match your config.
Restart the service to reload if different.
Set to debug and set if known bannable attempts are triggering.
docker-compose logs -f f2b-docker
Note
Bans should clearly appear in logs after logs are updated.
Reset fail2ban state.
fail2ban-client unban --all
docker-compose down
docker rmi crazymax/fail2ban:latest
rm /path/to/f2b/db/fail2ban.sqllite
docker-compuse up -d
Note
Sometimes the DB gets in a weird state where actions are not triggered. This will reset fail2ban to a default state (including the database) and actions should be triggered again.