fail2ban Troubleshooting

Bans Not Triggering

This is due to either invalid regex filters, timezone differences in logs and fail2ban container, or database wonkiness.

Ensure regex filter is actually catching known bannable attempts.

fail2ban-regex /path/to/log.log /etc/fail2ban/filter.d/my-filter.conf

Note

If there are known lines that should be caught, these should appear in the output as matched.

Ensure regex filter is loaded properly.

fail2ban-client --dp

Note

This will show the loaded filters and jails. They should match your config.

Restart the service to reload if different.

Set to debug and set if known bannable attempts are triggering.

docker-compose logs -f f2b-docker

Note

Bans should clearly appear in logs after logs are updated.

Reset fail2ban state.

fail2ban-client unban --all
docker-compose down
docker rmi crazymax/fail2ban:latest
rm /path/to/f2b/db/fail2ban.sqllite
docker-compuse up -d

Note

Sometimes the DB gets in a weird state where actions are not triggered. This will reset fail2ban to a default state (including the database) and actions should be triggered again.