🛡️ Securing Your Linux Server with Fail2Ban and UFW Firewall

Running a website or application on a Linux server comes with a big responsibility: keeping it secure. Attackers are constantly scanning the internet for weak SSH logins, open ports, and unprotected services.

In this guide, we’ll walk you through setting up Fail2Ban and UFW (Uncomplicated Firewall) to protect your server.


🔥 Step 1: Update Your Server

Before installing anything, make sure your system is up-to-date:

sudo apt update && sudo apt upgrade -y

🔥 Step 2: Install and Enable UFW Firewall

UFW makes managing firewall rules simple.

sudo apt install ufw -y

Allow SSH, HTTP, and HTTPS traffic:

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

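Enable UFW (the SSH rule above must already be in place, otherwise enabling the firewall over a remote session can lock you out):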

sudo ufw enable
sudo ufw status verbose

✅ Now your server only accepts inbound SSH, web, and secure web traffic; UFW's default policy denies all other incoming connections.


🔥 Step 3: Install Fail2Ban

Fail2Ban automatically blocks IP addresses that show malicious signs (like multiple failed SSH login attempts).

sudo apt install fail2ban -y

🔥 Step 4: Configure Fail2Ban

Copy the default config file so your changes are safe from updates:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the configuration:

sudo nano /etc/fail2ban/jail.local

Look for [sshd] and set:

[sshd]
enabled   = true
port      = ssh
filter    = sshd
logpath   = /var/log/auth.log
maxretry  = 5
bantime   = 600

This means:

  • Block an IP after 5 failed SSH attempts
  • Ban it for 10 minutes (600 seconds)
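
How maxretry and bantime interact, as an added Python example that is not part of the original guide and is not Fail2Ban's own code: it replays constructed auth.log lines through a simplified version of the jail logic. The 600-second findtime window, the regex, the host name and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY, BANTIME = 5, 600  # from the [sshd] section above
FINDTIME = 600              # assumption: counting window in seconds, not set on this page

# Simplified stand-in for the sshd filter: failed-password lines only.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def simulate(lines, year=2024):
    """Return a list of (ip, ban_start, ban_end) in the order bans occur."""
    recent = defaultdict(deque)  # ip -> failure times still inside FINDTIME
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue  # already banned; the firewall would drop this traffic
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

def fails(ip, hhmm, seconds):
    # Helper that builds constructed auth.log lines for the sample below.
    return [f"Mar 14 {hhmm}:{s:02d} web1 sshd[2101]: Failed password for root "
            f"from {ip} port 50112 ssh2" for s in seconds]

SAMPLE = (  # constructed log, documentation-range addresses
    fails("203.0.113.7", "10:00", [1, 4, 9, 15, 21])    # 5 failures: banned
    + fails("198.51.100.20", "10:02", [5, 11, 18])      # 3 typos: not banned
    + ["Mar 14 10:02:30 web1 sshd[2140]: Accepted password for alice "
       "from 198.51.100.20 port 40022 ssh2"]
    + fails("203.0.113.7", "10:11", [0, 3, 6, 9, 12])   # returns after expiry
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The user who mistypes three times and then logs in is never banned, while the address that returns after its 10-minute ban expires is banned again on its fifth new failure.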

🔥 Step 5: Start and Enable Fail2Ban

sudo systemctl enable fail2ban
sudo systemctl start fail2ban
sudo systemctl status fail2ban

Check active jails (rules currently being enforced):

sudo fail2ban-client status

🚀 Step 6: Test the Setup

Try logging in with the wrong SSH password multiple times from another machine. After 5 attempts, your IP will be banned temporarily.

You can check the banned IPs with:

sudo fail2ban-client status sshd

✅ Final Thoughts

With UFW firewall restricting access and Fail2Ban automatically blocking attackers, your Linux server is much more secure. Combine this with strong passwords, SSH keys, and regular updates for maximum protection.

Security isn’t a one-time job — it’s an ongoing process. But with these steps, you’ve taken a big step towards hardening your server against common attacks.

