Bans IP that makes too many password failures


Fail2Ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.


2006/02/16 Fail2ban 0.6.1 is available. Thanks to everyone who contributed to this release. Look at the ChangeLog for a complete list of changes.
2006/02/11 Quite a lot of news: The Art of Web has a great howto, much better than the poor official Fail2ban documentation. Thanks to them. Fail2ban is now marked as stable in Gentoo Portage. Fail2ban 0.6.1 should be release soon. Gentoo users can test the CVS version with this ebuild. I will start the development of Fail2ban 0.7 in March. You can already look at the planned features here. Nightly snapshots are now available here.
2006/01/03 Happy New Year! Markus Hoffmann has created a Fail2ban addon for Ipcop. Many thanks to him.


Fail2Ban is a console application so screenshots are not really impressive.

Fail2Ban screenshot


Here is the ChangeLog for the latest version. The full ChangeLog can be found here.

ver. 0.6.1 (2006/03/16) - stable
- Added permanent banning. Set banTime to a negative value to
  enable this feature (-1 is perfect). Thanks to Mannone
- Fixed locale bug. Thanks to Fernando José
- Fixed crash when time format does not match data
- Propagated patch from Debian to fix fail2ban search path
  addition to the path search list: now it is added first.
  Thanks to Nick Craig-Wood
- Added SMTP authentification for mail notification. Thanks
  to Markus Hoffmann
- Removed debug mode as it is confusing for people
- Added parsing of timestamp in TAI64N format (#1275325).
  Thanks to Mark Edgington
- Added patch #1382936 (Default formatted syslog logging).
  Thanks to Patrick Börjesson
- Removed from ignoreip. Attacks could also
  come from the local network.
- Robust startup: if iptables module does not get fully
  initialized after startup of fail2ban, fail2ban will do
  "maxreinit" attempts to initialize its own firewall. It
  will sleep between attempts for "polltime" number of
  seconds (closes Debian: #334272). Thanks to Yaroslav
- Added "interpolations" in fail2ban.conf. This is provided
  by the ConfigParser module. Old configuration files still
  work. Thanks to Yaroslav Halchenko
- Added initial support for hosts.deny and shorewall. Need
  more testing. Please test. Thanks to kojiro from Gentoo
  forum for hosts.deny support
- Added support for vsftpd. Thanks to zugeschmiert


The latest Readme file can be found here. It contains useful information such as installation process. Please read this file first.


Fail2Ban manual and installation instruction are available in the README file and in the configuration file. Man pages are also available in the packages.

Bug reports, feature requests and support can be addressed on the project page at



Fail2Ban can be downloaded directly from sites.

Sources The official releases are available here.
Snapshots Nightly snapshots are available here.
Gentoo Fail2Ban is in Portage. Ebuilds are also available here.
Debian Packages are available here. Thanks to Yaroslav Halchenko
RedHat RPMs are available here. Thanks to Jonathan Kamens
Ipcop Addon is available here. Thanks to Markus Hoffmann


Here are some interesting links:

PassKool: PassKool is a deterministic password generator in Python.
Python: the official website for the Python language.
Log4py: log4py is a logging module for python, similar to log4j.
Netfilter: the netfilter/iptables project

Valid XHTML 1.1! Valid CSS!