Skip to content
Daemon to ban hosts that cause multiple authentication errors
Python Shell
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


               __      _ _ ___ _               
              / _|__ _(_) |_  ) |__  __ _ _ _  
             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
             |_| \__,_|_|_/___|_.__/\__,_|_||_|

Fail2Ban (version 0.4.1)                           06/30/2005

Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too many password failures. It updates firewall
rules to reject the IP address. Currently iptables, ipfw and
ipfwadm are supported. Fail2Ban can read multiple log files
such as sshd or Apache web server ones. It needs log4py.

This is my first Python program. Moreover, English is not my
mother tongue...

More details:

Fail2Ban is rather simple. I have a home server connected to
the Internet which runs apache, samba, sshd, ... I see in my
logs that people are trying to log into my box using "manual"
brute force or scripts. They try 10, 20 and sometimes more
user/password (without success anyway). In order to
discourage these script kiddies, I wanted that sshd refuse
login from a specific ip after 3 password failures. After
some Google searches, I found that sshd was not able of that.
So I search for a script or program that do it. I found
nothing :-( So I decide to write mine and to learn Python :-)

For each sections defined in the configuration file, Fail2Ban
tries to find lines which match the failregex. Then it
retrieves the message time using timeregex and timepattern.
It finally gets the ip and if it has already done 3 or more
password failures in the last banTime, the ip is banned for
banTime using a firewall rule. After banTime, the rule is
deleted. Notice that if no "plain" ip is available, Fail2Ban
try to do DNS lookup in order to found one or several ip's to

Sections can be freely added so it is possible to monitor
several daemons at the same time.

Runs on my server and does its job rather well :-) The idea
is to make fail2ban usable with daemons and services that
require a login (sshd, telnetd, ...). It should also support
others firewalls than iptables.


Require: python-2.3 (
         log4py-1.1 (

To install, just do:

> tar xvfj fail2ban-0.4.1.tar.bz2
> cd fail2ban-0.4.1
> python install

This will install Fail2Ban into /usr/lib/fail2ban. The executable is placed into /usr/bin.

For Gentoo users, an ebuild is available on the website.

Fail2Ban should now be correctly installed. Just type:

> -h

to see if everything is alright. You can configure fail2ban
with a config file. Copy config/fail2ban.conf.default to

Gentoo users can use the initd script available in config/.
Copy gentoo-initd to /etc/init.d/fail2ban and gentoo-confd
to /etc/conf.d/fail2ban. You can start fail2ban and add it
to your default runlevel:

> /etc/init.d/fail2ban start
> rc-update add fail2ban default


You can configure fail2ban using the file /etc/fail2ban.conf
or using command line options. Command line options override
the value stored in fail2ban.conf. Here are the command line

  -b         start fail2ban in background
  -d         start fail2ban in debug mode
  -e <INTF>  ban IP on the INTF interface
  -c <FILE>  read configuration file FILE
  -p <FILE>  create PID lock in FILE
  -h         display this help message
  -i <IP(s)> IP(s) to ignore
  -k         kill a currently running Fail2Ban instance
  -l <FILE>  log message in FILE
  -r <VALUE> allow a max of VALUE password failure
  -t <TIME>  ban IP for TIME seconds
  -v         verbose. Use twice for greater effect
  -w <FIWA>  select the firewall to use. Can be iptables,
             ipfwadm or ipfw


You need some new features, you found bugs or you just
appreciate this program, you can contact me at :


Cyril Jaquier: <>


Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
Tom Pike, Iain Lea


Fail2Ban is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later

Fail2Ban is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
PURPOSE.  See the GNU General Public License for more

You should have received a copy of the GNU General Public
License along with Fail2Ban; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA  02111-1307  USA
Something went wrong with that request. Please try again.