Fail2Ban and Cloudflare Setup


Is there any settings required for the f2b in terms of domains and servers behind CF

I see this topic here but not sure how to approach this, i have applied all those, but is this applicable to hestia and f2b

Now this is what i have

2020-04-04 10:12:00,736 fail2ban.filter         [7975]: INFO      encoding: UTF-8
2020-04-04 10:12:00,736 fail2ban.filter         [7975]: INFO      maxRetry: 2
2020-04-04 10:12:00,737 fail2ban.filter         [7975]: INFO      findtime: 600
2020-04-04 10:12:00,737 fail2ban.actions        [7975]: INFO      banTime: 600
2020-04-04 10:12:00,740 fail2ban.jail           [7975]: INFO    Jail 'nginx-limit-req' started
2020-04-04 10:12:00,747 fail2ban.jail           [7975]: INFO    Jail 'recidive' started
2020-04-04 10:12:00,756 fail2ban.jail           [7975]: INFO    Jail 'ssh-iptables' started
2020-04-04 10:12:00,759 fail2ban.jail           [7975]: INFO    Jail 'vsftpd-iptables' started
2020-04-04 10:12:00,767 fail2ban.jail           [7975]: INFO    Jail 'hestia-iptables' started

Thanks for your inputs.


1 Like

There’s already a template action for cloudflare at /etc/fail2ban/action.d/cloudflare.conf which you can use with a filter of your choice (a custom wordpress one in my case) in your jail.local file.

I have it set up something like this (I also call iptables for domains that don’t sit behind CF - there’ s no need to configure domains individually)…

enabled = true
port = http,https
filter = wordpress
action = cloudflare[[email protected],cftoken=YOUR_API_KEY]
logpath = /var/log/apache2/domains/*.log
maxretry = 10
bantime = 86400
findtime = 10800

Hope this helps

More info on the Cloudflare action and setup

1 Like