Fail2ban Jail Generator

Visually build and export your fail2ban jail.local configuration.

Global [DEFAULT]

Ban Time

Find Time

Max Retry

Backend

Default Ban Action

Destination Email

Ignore IP(s)

Jails (1)

[sshd]sshd

Jail Name

Filter

Log Path

Action

Port

Protocol

Max Retry (override)

Find Time (override)

Ban Time (override)

Ignore IP (override)

Live Preview — jail.local

About this Tool

The Fail2ban Jail Generator lets you visually build a production-ready jail.local configuration without memorising Fail2ban syntax. Configure global defaults, add multiple service jails (SSH, Nginx, Apache, etc.), and instantly preview the generated config. When ready, copy it to your clipboard or download as jail.local to deploy directly on your server.

What is Fail2ban?

Fail2ban is an intrusion prevention tool that monitors log files for suspicious patterns — like repeated failed login attempts — and automatically blocks the offending IP address using your firewall. It's commonly used to protect SSH, web servers, mail servers, and more against brute-force attacks.

Key Terms

jail.localYour custom config file — overrides jail.conf without being overwritten by updates.

JailA rule set that monitors one service (e.g. SSH) and bans IPs that trigger too many failures.

FilterA regex pattern that tells Fail2ban what constitutes a failure in a log file.

bantimeHow long an IP stays banned. Use values like 10m, 1h, 1d, or -1 for permanent.

findtimeThe time window failures are counted in (e.g. 10m = last 10 minutes).

maxretryNumber of failures allowed within findtime before an IP is banned.

ignoreipWhitelist of IPs never banned — always include 127.0.0.1 to avoid locking yourself out.

ActionWhat happens on ban — e.g. iptables-multiport blocks specific ports, ufw for UFW systems.

BackendHow Fail2ban reads logs. Use auto or systemd if your system uses journald.

[DEFAULT]Global settings applied to all jails unless a jail overrides them individually.

Quick Start

After downloading your jail.local, place it at /etc/fail2ban/jail.local and restart Fail2ban with sudo systemctl restart fail2ban. Check active jails with sudo fail2ban-client status.