Install Fail2Ban on NetBSD 10
Fail2Ban monitors logs and bans IPs that show malicious patterns.
Step 1 – Install
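# Install the package from the binary repository (run as root).
pkgin install py310-fail2ban

# Enable the service at boot. The guard keeps repeated runs of this step from
# stacking duplicate lines in rc.conf; a later fail2ban=YES still overrides an
# earlier fail2ban=NO, exactly as a plain append would.
grep -q '^fail2ban=YES' /etc/rc.conf 2>/dev/null || echo 'fail2ban=YES' >> /etc/rc.conf

# NOTE(review): pkgsrc normally ships rc.d scripts as examples under
# /usr/pkg/share/examples/rc.d; if `service` cannot find fail2ban, copy the
# script into /etc/rc.d first -- confirm against the package's install message.
#
# Until jail.local sets a ban action that exists on this host, the daemon can
# run and log matches without any address actually being blocked.
service fail2ban start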
Step 2 – Configure (/etc/fail2ban/jail.local)
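Always edit jail.local, not jail.conf: jail.conf belongs to the package and can be replaced on upgrade, while settings in jail.local override it.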
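# jail.local -- local overrides that fail2ban applies on top of jail.conf.
# NOTE(review): pkgsrc usually keeps package configuration under /usr/pkg/etc;
# confirm which fail2ban directory this install actually reads.
#
# Comments are kept on their own lines. jail.conf documents '#' for comment
# lines and ' ;' for inline comments, so "3600 # ban for 1 hour" would be read
# as part of the value and the setting would not parse as intended.

[DEFAULT]
# ban for 1 hour
bantime = 3600
# within 10-minute window
findtime = 600
# after 5 failures
maxretry = 5
# NetBSD has neither iptables nor firewalld; with a Linux action the jail
# records "bans" that never reach a packet filter. npf is the action for
# NetBSD's NPF (use pf instead if this host runs PF).
# NOTE(review): the stock npf action only adds/removes addresses in an NPF
# table (named "fail2ban" by default -- check action.d/npf.conf); npf.conf
# must define that table and a rule blocking it, or nothing is dropped.
banaction = npf
# Addresses listed here are never banned. Keep the list as narrow as possible:
# a whole LAN range also exempts any compromised machine inside it.
ignoreip = 127.0.0.1/8 192.168.1.0/24

[sshd]
enabled = true
port = ssh,2222
# NOTE(review): confirm %(sshd_log)s resolves to the file sshd really writes
# on this host (NetBSD's default syslog.conf sends auth to /var/log/authlog);
# `fail2ban-client get sshd logpath` shows the resolved value. A jail watching
# the wrong file never bans anything.
logpath = %(sshd_log)s
backend = %(sshd_backend)s
# stricter than [DEFAULT]: 3 failures, banned for 24 hours
maxretry = 3
bantime = 86400

# Enable the nginx jails only where nginx is installed and writing its logs;
# a jail whose log file is missing fails to start.
[nginx-http-auth]
enabled = true

[nginx-botsearch]
enabled = true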
Step 3 – Reload and test
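# Check the configuration first and reload only if it parses. A broken
# jail.local that takes the daemon down leaves the host with no banning at all.
# systemctl and rc-service are Linux service managers and do not exist on
# NetBSD; fail2ban-client talks to the running server directly.
fail2ban-client -t && fail2ban-client reload

# List the active jails, then the sshd jail's failure and ban counters.
fail2ban-client status
fail2ban-client status sshd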
Step 4 – Manually ban/unban
# Ban, then lift the ban on, one address in the sshd jail. 1.2.3.4 stands in
# for the address you want to act on. Between the two calls is a good moment
# to confirm the address really shows up in the packet filter.
for verb in banip unbanip; do
  fail2ban-client set sshd "$verb" 1.2.3.4
done