About — fail2ban·recipes

About

Copy-paste Fail2ban configs — by someone who runs Linux servers and got tired of re-finding the same jails.

Fail2ban is on almost every self-hosted Linux box, but the configs are scattered: a jail here, a half-working filter there, a Reddit thread for the rest. This site collects the ones that actually work into one library — each recipe is the shortest correct path to protecting one service, with the exact file path, the config block, the reload command, and how to confirm it's banning.

Recipes are written and checked against Fail2ban 0.11 / 1.x on Debian- and Ubuntu-based systems (the most common case). Filter names and paths can differ slightly between distros and versions — each recipe notes where that matters. When a config could lock you out (SSH, aggressive jails), the recipe says so and shows the safe way first.

Topics: jail.local basics, SSH, Nginx, Apache, Postfix/Dovecot, WordPress, recidive, and the iptables-vs-nftables / systemd-journald gotchas that break copy-pasted configs.