Fail2ban for my ERPNext server


ERPNext: v12.10.1 (version-12)

Frappe Framework: v12.8.4 (version-12)

I have seen many attempts to gain access onto my server via ssh and I have been reading up
about fail2ban.

I found a few nice articles to install ip-tables and fail2ban and to configure the jail.local file.

First time I am working with fail2ban but I was about to get my fingers dirty and configure
the jail.local file, when I found this thread …

Which suggests that I use bench…
sudo bench setup fail2ban

Will this install ip-tables and fail2ban and also configure the jail.local file ?

iptables is installed by default on Debian-based operating systems, CentOS, and probably most other Linux distributions. Bench doesn’t install it. But 99% of the time, you already have it.

(perhaps Arch Linux is an exception)

Bench does create a default jail for fail2ban. It’s pretty basic, though.


I feel embarrassed…

I see fail2ban is already installed.

If someone can perhaps just help me understand …

fail2ban-client status

|- Number of jail: 2
`- Jail list: nginx-proxy, sshd

So the jail for nginx and sshd is active.

What I dont understand ( and please be patient, this is the first time I am working with fail2ban)

From the install doc that I used to install ERPNext…

The configuration files created by the bench command are:

  • Two Nginx configuration files located at /etc/nginx/nginx.conf and /etc/nginx/conf.d/frappe-bench.conf
  • One Fail2Ban proxy jail located at /etc/fail2ban/jail.d/nginx-proxy.conf and one filter located at /etc/fail2ban/filter.d/nginx-proxy.conf

I can see how they refer to each other, but if I go according to the other reading that I did
about fail2ban, then I am looking for a file “jail.local” where reference is made to
these jails and filters. So I am not sure how fail2ban is referencing the info in these
jail and filter files.

Also, in the jail.conf , the sshd-section refers to port=ssh

Does it pick up the port number for ssh from sshd_config ?

I’m not an expert on fail2ban. But I “believe” that any files located in this directory:


…will be processed. There’s probably an “include” statement somewhere further up the chain, that makes reference to ‘filter.d’

Not sure how Fail2ban knows the SSH port, or if it just “assumes” 22. :man_shrugging:

Thank you @brian_pond for your time and assistance. I shall have another look to see
if there is a reference to the /filter.d/ folder.

Reason I am asking about the port , is that, when everything is working correctly I am
considering to change the port number. Then I need to know how to affect that type of change.

Check with your VPS service provider as to which port will be allowed. You may end up with a VPS that couldn’t be accessed via SSH. Have gone through that once on a production server.

Thank you @Muzzy, I shall check with them before changing anything.