{"id":13234,"date":"2025-12-16T10:39:24","date_gmt":"2025-12-16T05:09:24","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13234"},"modified":"2025-12-16T10:39:26","modified_gmt":"2025-12-16T05:09:26","slug":"use-fail2ban-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/use-fail2ban-on-linux","title":{"rendered":"How to Use Fail2ban on Linux Server in 2026? &#8211; Beginner Friendly Guide"},"content":{"rendered":"\n<p><strong>Fail2ban is a lightweight intrusion prevention tool<\/strong> for Linux that scans service logs (SSH, web, mail) and automatically bans malicious IPs using your firewall (UFW, firewalld, iptables\/nftables). <\/p>\n\n\n\n<p>To use Fail2ban, install the package, enable appropriate \u201cjails,\u201d tune bantime\/findtime\/maxretry, and monitor bans with fail2ban client. It significantly reduces brute-force attacks with minimal overhead.<\/p>\n\n\n\n<p>Harden your Linux server with Fail2ban to stop brute force attempts before they become incidents. In this guide, you\u2019ll learn exactly how to use Fail2ban on a<strong> <a href=\"https:\/\/www.youstable.com\/blog\/install-mongodb-on-linux\/\">Linux server from installation<\/a><\/strong> and configuration to advanced jails, troubleshooting, and best practices.<\/p>\n\n\n\n<p>I\u2019ll share battle tested settings I use across production servers to keep SSH, Nginx\/Apache, and mail stacks safe.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-fail2ban-and-how-it-works\"><strong>What is Fail2ban and How it Works<\/strong>?<\/h2>\n\n\n\n<p>Fail2ban watches your system and application logs for suspicious patterns <strong>(failed logins, auth errors, scanning signatures)<\/strong>. When a threshold is reached, it bans the source IP by adding a temporary firewall rule. Each protection profile is a \u201cjail\u201d that ties together a log file (or systemd journal), a filter<strong> (regex rules)<\/strong>, and an action (firewall ban).<\/p>\n\n\n\n<p><strong>Key concepts:-<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Filters:<\/strong> Regex definitions stored in <code>\/etc\/fail2ban\/filter.d\/<\/code><\/li>\n\n\n\n<li><strong>Jails:<\/strong> Enable\/disable protection with thresholds in <code>\/etc\/fail2ban\/jail.local<\/code> or <code>jail.d\/*.local<\/code><\/li>\n\n\n\n<li><strong>Actions:<\/strong> Ban\/unban via UFW, firewalld, iptables-nft, etc.<\/li>\n\n\n\n<li><strong>Thresholds:<\/strong> <code>bantime<\/code>, <code>findtime<\/code>, <code>maxretry<\/code> control how quickly IPs are banned and for how long.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-compatibility\"><strong>Prerequisites and Compatibility<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Supported distros:<\/strong> Debian\/Ubuntu, RHEL\/CentOS\/AlmaLinux\/Rocky, openSUSE, others<\/li>\n\n\n\n<li><strong>Firewall:<\/strong> UFW, firewalld, or iptables\/nftables installed and active<\/li>\n\n\n\n<li>Root or sudo access<\/li>\n\n\n\n<li>Time synced with NTP; accurate timestamps help matching logs<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-fail2ban-on-linux-step-by-step-guide\"><strong>Install Fail2ban on Linux<\/strong> &#8211; (<strong>Step by Step<\/strong> Guide)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ubuntu-debian\"><strong>Ubuntu\/Debian<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y fail2ban\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rhel-centos-almalinux-rocky\"><strong>RHEL\/CentOS\/AlmaLinux\/Rocky<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y epel-release\nsudo dnf install -y fail2ban fail2ban-firewalld\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"opensuse\"><strong>openSUSE<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo zypper install -y fail2ban\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<p>By default, <a href=\"https:\/\/www.youstable.com\/blog\/how-to-configure-fail2ban-on-linux\/\">Fail2ban ships with safe defaults but no persistent configuration<\/a>. You\u2019ll create a <code>jail.local<\/code> file to enable protection.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"core-configuration-jail-local\"><strong>Core Configuration: jail.local<\/strong><\/h3>\n\n\n\n<p>Never edit <code>jail.conf<\/code> directly. Instead, create <code>\/etc\/fail2ban\/jail.local<\/code> or drop-in files under <code>\/etc\/fail2ban\/jail.d\/<\/code>. Start with global defaults that apply to all jails.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"global-defaults-recommended\"><strong>Global defaults (recommended)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\n# Whitelist your management IPs\/ranges\nignoreip = 127.0.0.1\/8 ::1 203.0.113.10\n\n# Ban timing and thresholds\nbantime  = 1h\nfindtime = 10m\nmaxretry = 5\n\n# Use systemd journal where possible (modern distros)\nbackend = systemd\n\n# Choose a firewall action (see next section)\nbanaction = iptables-multiport\nbanaction_allports = iptables-allports\n\n# Logging\nlogtarget = \/var\/log\/fail2ban.log\n<\/code><\/pre>\n\n\n\n<p>Adjust <code>bantime<\/code>, <code>findtime<\/code>, and <code>maxretry<\/code> to balance security with user experience. For high-risk servers, extend <code>bantime<\/code> to several hours or enable a recidive jail later.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-ssh-protection-sshd-jail\"><strong>Enable SSH protection (sshd jail)<\/strong><\/h3>\n\n\n\n<p>SSH is the most targeted service. Enable its jail and set the correct log path or use the journal.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;sshd]\nenabled = true\nport    = 22\nbackend = systemd\nlogpath = %(sshd_log)s\nmaxretry = 4\nfindtime = 10m\nbantime  = 2h<\/code><\/pre>\n\n\n\n<p>On Debian\/Ubuntu, <code>%(sshd_log)s<\/code> maps to <code>\/var\/log\/auth.log<\/code>; on RHEL-based systems it maps to <code>\/var\/log\/secure<\/code>. With <code>backend = systemd<\/code>, Fail2ban reads journal entries for sshd across distros reliably.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"pick-the-right-firewall-backend\"><strong>Pick the right firewall backend<\/strong><\/h2>\n\n\n\n<p>Use an action that matches your firewall. Common choices:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>UFW (Ubuntu):<\/strong> <code>banaction = ufw<\/code><\/li>\n\n\n\n<li><strong>firewalld (RHEL\/AlmaLinux):<\/strong> <code>banaction = firewallcmd-ipset<\/code><\/li>\n\n\n\n<li><strong>nftables:<\/strong> <code>banaction = nftables-multiport<\/code><\/li>\n\n\n\n<li><strong>Legacy iptables:<\/strong> <code>banaction = iptables-multiport<\/code><\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\nbanaction = ufw          # or firewallcmd-ipset \/ nftables-multiport \/ iptables-multiport<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apply-and-verify-your-configuration\"><strong>Apply and Verify Your Configuration<\/strong><\/h2>\n\n\n\n<p>After editing <code>jail.local<\/code> or drop-ins, reload the service and check status.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart fail2ban\nsudo fail2ban-client status\nsudo fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<p>You should see the sshd jail enabled with the correct filter, log path, and no bans yet. Trigger a few failed attempts from a test IP to confirm bans.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"managing-bans-and-logs\"><strong>Managing Bans and Logs<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Show running jails\nsudo fail2ban-client status\n\n# Show status for a specific jail (e.g., sshd)\nsudo fail2ban-client status sshd\n\n# Manually ban\/unban an IP\nsudo fail2ban-client set sshd banip 203.0.113.20\nsudo fail2ban-client set sshd unbanip 203.0.113.20\n\n# Tail Fail2ban log\nsudo tail -f \/var\/log\/fail2ban.log\n\n# Check firewall rules created by Fail2ban\nsudo iptables -S | grep f2b-   # legacy\nsudo nft list ruleset | grep f2b  # nftables\nsudo firewall-cmd --info-ipset=fail2ban-sshd  # firewalld action with ipset<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"protect-popular-services-with-ready-made-jails\"><strong>Protect Popular Services with Ready-Made Jails<\/strong><\/h2>\n\n\n\n<p>Fail2ban includes filters for common daemons. Enable the ones you run and set correct log paths.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-and-apache\"><strong>Nginx and Apache<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;nginx-http-auth]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/nginx\/error.log\n\n&#91;nginx-badbots]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/nginx\/access.log\n\n&#91;apache-auth]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/apache2\/error.log  # Debian\/Ubuntu\n# logpath = \/var\/log\/httpd\/error_log   # RHEL-based<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"wordpress-login-brute-force\"><strong>WordPress login brute force<\/strong><\/h3>\n\n\n\n<p>Protect <code>wp-login.php<\/code> and XML-RPC by matching 401\/403\/POST patterns. Many distros ship <code>nginx-http-auth<\/code> or <code>apache-badbots<\/code>. You can also add a custom filter if needed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"mail-stack-postfix-dovecot\"><strong>Mail stack (Postfix\/Dovecot)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;postfix]\nenabled = true\nport = smtp,ssmtp,submission\nlogpath = \/var\/log\/mail.log  # Debian\/Ubuntu\n# logpath = \/var\/log\/maillog  # RHEL-based\n\n&#91;dovecot]\nenabled = true\nport = pop3,pop3s,imap,imaps,submission,465,587,993,995\nlogpath = \/var\/log\/mail.log\nmaxretry = 5\nfindtime = 10m\nbantime = 1h<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ftp-sftp-vsftpd-proftpd-pure-ftpd\"><strong>FTP\/SFTP (vsftpd, proftpd, pure-ftpd)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;vsftpd]\nenabled = true\nport = ftp,ftp-data,ftps,ftps-data\nlogpath = \/var\/log\/vsftpd.log<\/code><\/pre>\n\n\n\n<p>Always confirm log file locations; they vary by distro and custom configs. If you use journald, keep <code>backend = systemd<\/code> and omit <code>logpath<\/code> where appropriate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"advanced-hardening-with-fail2ban\"><strong>Advanced Hardening with Fail2ban<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"recidive-jail-repeat-offenders\"><strong>Recidive jail (repeat offenders)<\/strong><\/h3>\n\n\n\n<p>Recidive re-bans IPs that get banned frequently across any jail\u2014useful against persistent attackers.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;recidive]\nenabled  = true\nlogpath  = \/var\/log\/fail2ban.log\nbanaction = iptables-allports\nfindtime = 1d\nbantime  = 7d\nmaxretry = 5<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"email-alerts-or-slack-notifications\"><strong>Email alerts or Slack notifications<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\ndestemail = admin@example.com\nsender = fail2ban@server.example.com\nmta = sendmail\naction = %(action_mw)s  # ban + whois report + email<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"respect-proxies-cdns-and-load-balancers\"><strong>Respect proxies, CDNs, and load balancers<\/strong><\/h2>\n\n\n\n<p>If your server sits behind Cloudflare or a reverse proxy, ensure your web server logs the real client IP. Otherwise, you may ban the proxy itself. Also add trusted reverse-proxy IP ranges to <code>ignoreip<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ipv6-and-persistence\"><strong>IPv6 and persistence<\/strong><\/h2>\n\n\n\n<p>Enable IPv6 actions if you serve IPv6 traffic. All modern actions support it; verify your firewall supports IPv6 rules. Fail2ban bans persist across restarts as long as the firewall is running and the service restarts on boot.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-issues\"><strong>Troubleshooting Common Issues<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No bans occurring:<\/strong> Check <code>fail2ban-client status jailname<\/code>, validate the correct <code>logpath<\/code> or <code>backend = systemd<\/code>, and ensure the service logs failures.<\/li>\n\n\n\n<li><strong>Wrong log path:<\/strong> Verify distro-specific paths (e.g., <code>\/var\/log\/auth.log<\/code> vs <code>\/var\/log\/secure<\/code>).<\/li>\n\n\n\n<li><strong>Firewall conflicts:<\/strong> Don\u2019t mix UFW, firewalld, and direct iptables rules without understanding how they interact. Pick one stack.<\/li>\n\n\n\n<li><strong>SELinux:<\/strong> On RHEL systems, ensure SELinux allows Fail2ban actions or set proper booleans. Check <code>\/var\/log\/audit\/audit.log<\/code>.<\/li>\n\n\n\n<li><strong>Containers:<\/strong> If the service runs in Docker, logs may be in journald or container logs. Consider host-level logs and using <code>backend = systemd<\/code>, or route logs to files.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-beyond-fail2ban\"><strong>Best Practices Beyond Fail2ban<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <a href=\"https:\/\/www.youstable.com\/blog\/ssh-keys-vs-password-authentication\/\">SSH keys and disable password<\/a> auth where possible.<\/li>\n\n\n\n<li>Change the default SSH port if operationally acceptable.<\/li>\n\n\n\n<li>Limit <a href=\"https:\/\/www.youstable.com\/blog\/how-to-enable-ssh-access-for-clients-or-users\/\">SSH access<\/a> by IP with your firewall or a VPN.<\/li>\n\n\n\n<li>Enable 2FA for SSH (e.g., Google Authenticator) on admin accounts.<\/li>\n\n\n\n<li>Rate-limit web endpoints like <code>\/wp-login.php<\/code> with Nginx\/Apache modules in addition to Fail2ban.<\/li>\n\n\n\n<li>Keep packages updated; outdated daemons can be exploited without brute force.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-managed-security-makes-sense\"><strong>When Managed Security Makes Sense<\/strong><\/h2>\n\n\n\n<p>If you\u2019re running mission-critical sites and lack time for hands-on hardening, a managed server is worth it. At YouStable, our <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-fully-managed-dedicated-server\/\">managed VPS and dedicated servers<\/a> ship with optimized firewall policies, preconfigured Fail2ban jails, 24\u00d77 monitoring, and incident response\u2014so you stay focused on your app while we guard the perimeter.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-sample-jail-local\"><strong>Quick-Start: Sample jail.local<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/jail.local\n\n&#91;DEFAULT]\nignoreip = 127.0.0.1\/8 ::1 203.0.113.10\nbantime  = 2h\nfindtime = 10m\nmaxretry = 4\nbackend = systemd\nbanaction = nftables-multiport\nlogtarget = \/var\/log\/fail2ban.log\n\n&#91;sshd]\nenabled = true\nport = 22\nmaxretry = 4\n\n&#91;nginx-http-auth]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/nginx\/error.log\n\n&#91;postfix]\nenabled = true\nport = smtp,submission,465\nlogpath = \/var\/log\/mail.log\n\n&#91;dovecot]\nenabled = true\nport = imap,imaps,pop3,pop3s,submission,465,587,993,995\nlogpath = \/var\/log\/mail.log\n\n&#91;recidive]\nenabled = true\nlogpath = \/var\/log\/fail2ban.log\nbanaction = nftables-allports\nfindtime = 1d\nbantime  = 7d\nmaxretry = 5<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765795616063\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-fail2ban-enough-to-secure-ssh-on-its-own\"><strong>Is Fail2ban enough to secure SSH on its own?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Fail2ban is excellent at stopping brute force, but it\u2019s not a silver bullet. Combine it with SSH keys, disabled password logins, firewall IP allowlists, and regular patching for stronger, layered security.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765795623999\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-are-the-best-values-for-bantime-findtime-and-maxretry\"><strong>What are the best values for bantime, findtime, and maxretry?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>For most servers: <code>bantime=1\u20132h<\/code>, <code>findtime=10\u201315m<\/code>, <code>maxretry=4\u20136<\/code>. High-risk environments can increase <code>bantime<\/code> or use the recidive jail to punish repeat offenders without locking out legitimate users for too long.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765795630329\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-use-iptables-nftables-ufw-or-firewalld-with-fail2ban\"><strong>Should I use iptables, nftables, UFW, or firewalld with Fail2ban?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Match Fail2ban\u2019s action to the firewall you already use. On Ubuntu, UFW is simplest. On RHEL derivatives, firewalld is standard. For modern kernels, nftables is recommended. Avoid mixing multiple firewall managers.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765795636749\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-stop-fail2ban-from-banning-my-cdn-or-proxy-ips\"><strong>How do I stop Fail2ban from banning my CDN or proxy IPs?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Add trusted ranges to <code>ignoreip<\/code> and ensure your web server captures the real client IP via <code>X-Forwarded-For<\/code> or the equivalent. Otherwise, your logs will show the proxy as the source and it may get banned.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765795653510\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"can-fail2ban-work-with-dockerized-services\"><strong>Can Fail2ban work with Dockerized services?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Point Fail2ban at journald or at container log files (via a bind mount or logging driver). Apply bans on the host firewall. Ensure the container\u2019s source IP is preserved and not NATed to localhost in your setup.<br \/>With these steps and configurations, you now know how to use Fail2ban on a Linux server effectively. Tune thresholds, enable relevant jails, and monitor regularly. If you want it pre-hardened, consider YouStable\u2019s managed servers with Fail2ban configured out of the box.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Fail2ban is a lightweight intrusion prevention tool for Linux that scans service logs (SSH, web, mail) and automatically bans malicious [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13759,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13234","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-Fail2ban-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13234"}],"version-history":[{"count":8,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13234\/revisions"}],"predecessor-version":[{"id":13761,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13234\/revisions\/13761"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/13759"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}