{"id":13733,"date":"2025-12-20T10:20:11","date_gmt":"2025-12-20T04:50:11","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13733"},"modified":"2025-12-20T10:20:13","modified_gmt":"2025-12-20T04:50:13","slug":"how-to-optimize-fail2ban-on-linux-server-easy-guide","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/how-to-optimize-fail2ban-on-linux-server-easy-guide","title":{"rendered":"How to Optimize Fail2ban on Linux Server &#8211; Easy Guide"},"content":{"rendered":"\n<p><strong>To optimize Fail2ban on a Linux server<\/strong>, use the systemd backend for faster log scanning, tune bantime\/findtime\/maxretry with incremental bans, choose a modern firewall action (nftables or ipset), enable the recidive jail, whitelist trusted IPs, test filters with fail2ban-regex, and monitor performance using fail2ban-client and journald.<\/p>\n\n\n\n<p>Fail2ban is a lightweight intrusion prevention tool that bans IPs showing malicious behavior, such as repeated failed logins. In this guide, you\u2019ll learn how to optimize Fail2ban on Linux for stronger protection and better performance. We\u2019ll cover best practices, sample configurations, monitoring, and real-world tips drawn from years of <a href=\"https:\/\/www.youstable.com\/blog\/what-is-yum-on-linux-server\/\">managing production servers<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-fail2ban-and-why-optimization-matters\"><strong>What Is Fail2ban and Why Optimization Matters<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"978\" height=\"874\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-82.png\" alt=\"What Is Fail2ban and Why Optimization Matters\" class=\"wp-image-13969\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-82.png 978w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-82-150x134.png 150w\" sizes=\"auto, (max-width: 978px) 100vw, 978px\" \/><\/figure>\n\n\n\n<p>Fail2ban parses logs, finds suspicious patterns with filters, and blocks offenders via your firewall. Out-of-the-box it works, but with optimization you get fewer false positives, lower CPU and disk I\/O, faster detection, and longer bans for repeat attackers\u2014all crucial on <a href=\"https:\/\/www.youstable.com\/blog\/cloud-server-vs-dedicated-server\/\">busy VPS or dedicated servers<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-quick-install\"><strong>Prerequisites and Quick Install<\/strong><\/h2>\n\n\n\n<p>Fail2ban supports most Linux distributions. Install it, ensure a supported firewall (nftables, iptables, UFW, or firewalld), and confirm systemd\/journald is available for optimal performance.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Debian\/Ubuntu\nsudo apt update &amp;&amp; sudo apt <a href=\"https:\/\/www.youstable.com\/blog\/install-fail2ban-on-linux\/\">install -y fail2ban<\/a>\n\n# RHEL\/CentOS\/Alma\/Rocky\nsudo dnf install -y fail2ban\n\n# Enable &amp; start\nsudo systemctl enable --now fail2ban\nsudo systemctl status fail2ban<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"core-fail2ban-optimization-strategy\"><strong>Core Fail2ban Optimization Strategy<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-use-the-systemd-backend-journald-for-speed\"><strong>1) Use the systemd Backend (Journald) for Speed<\/strong><\/h3>\n\n\n\n<p>Reading logs directly from journald is faster and avoids logrotate issues. Set the global backend to systemd and use journalmatch in jails to target specific services.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/jail.local (global section)\n&#91;DEFAULT]\nbackend = systemd\nlogtarget = SYSLOG\nusedns = warn   # avoid reverse DNS latency<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-tune-bantime-findtime-and-maxretry-with-incremental-bans\"><strong>2) Tune bantime, findtime, and maxretry with Incremental Bans<\/strong><\/h3>\n\n\n\n<p>Avoid too short bans (ineffective) or too aggressive bans (locking out users). Combine reasonable thresholds with incremental banning for persistent offenders.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>bantime: initial ban duration (e.g., 10m\u201330m)<\/li>\n\n\n\n<li>findtime: window to count failures (e.g., 10m\u201330m)<\/li>\n\n\n\n<li>maxretry: number of failures allowed within findtime (e.g., 5\u20137)<\/li>\n\n\n\n<li>bantime.increment and bantime.factor to grow ban lengths for repeat attacks<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\nbantime = 30m\nfindtime = 15m\nmaxretry = 6\nbantime.increment = true\nbantime.factor = 4\nbantime.formula = bantime * (1 + failures \/ 6)<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-whitelist-trusted-ips-and-ranges\"><strong>3) Whitelist Trusted IPs and Ranges<\/strong><\/h3>\n\n\n\n<p>Prevent accidental lockouts by whitelisting office ranges, VPN subnets, or monitoring systems. Keep this list tight and audited.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\nignoreip = 127.0.0.1\/8 ::1 192.0.2.0\/24 198.51.100.10<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-choose-the-right-firewall-action-nftables-ipset-ufw-firewalld\"><strong>4) Choose the Right Firewall Action (nftables\/ipset\/UFW\/firewalld)<\/strong><\/h3>\n\n\n\n<p>Modern distributions default to nftables; use nftables actions where possible. For high-ban volumes, ipset or nft sets scale better than individual rules. On Ubuntu with UFW, use the ufw action; on RHEL with firewalld, use the firewalld action.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>nftables: banaction = nftables-multiport<\/li>\n\n\n\n<li>iptables + ipset: banaction = iptables-ipset-proto4<\/li>\n\n\n\n<li>UFW: banaction = ufw<\/li>\n\n\n\n<li>firewalld: banaction = firewallcmd-rich-rules<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\nbanaction = nftables-multiport\nbanaction_allports = nftables-allports<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-enable-and-tune-the-recidive-jail\"><strong>5) Enable and Tune the recidive Jail<\/strong><\/h3>\n\n\n\n<p>recidive bans IPs that repeatedly trigger other jails over time, delivering longer bans to persistent attackers without penalizing legitimate <a href=\"https:\/\/www.youstable.com\/blog\/change-a-database-user-password-in-directadmin\/\">users who mistype passwords<\/a> once.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;recidive]\nenabled = true\nbackend = systemd\nlogpath = journal\nbantime = 1d\nfindtime = 1d\nmaxretry = 5\nbanaction = nftables-allports<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"6-optimize-and-test-filters-with-fail2ban-regex\"><strong>6) Optimize and Test Filters with fail2ban-regex<\/strong><\/h3>\n\n\n\n<p>False positives waste resources and block real users. Validate filters against real logs and adjust custom patterns where needed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Test the sshd filter against your auth logs\nsudo fail2ban-regex \/var\/log\/auth.log \/etc\/fail2ban\/filter.d\/sshd.conf\n\n# With journald, export a sample and test\njournalctl -u ssh --since \"1 hour ago\" &gt; \/tmp\/ssh.log\nsudo fail2ban-regex \/tmp\/ssh.log \/etc\/fail2ban\/filter.d\/sshd.conf<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"7-reduce-i-o-targeted-journalmatch-log-patterns-and-db-purge\"><strong>7) Reduce I\/O: Targeted journalmatch, Log Patterns, and DB Purge<\/strong><\/h3>\n\n\n\n<p>Watch only what you need and keep Fail2ban\u2019s SQLite DB lean:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use journalmatch to filter specific units (e.g., ssh.service, nginx.service).<\/li>\n\n\n\n<li>When using files, include rotated log patterns (e.g., \/var\/log\/auth.log*).<\/li>\n\n\n\n<li>Set dbpurgeage to remove stale records and reduce DB size.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\ndbpurgeage = 1d\n\n&#91;sshd]\nenabled = true\nbackend = systemd\njournalmatch = _SYSTEMD_UNIT=ssh.service\nport = ssh\nfilter = sshd\nmaxretry = 6\nfindtime = 15m\nbantime = 30m<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"8-disable-slow-reverse-dns-lookups\"><strong>8) Disable Slow Reverse DNS Lookups<\/strong><\/h3>\n\n\n\n<p>Set usedns to warn or no to avoid reverse lookups in high-traffic environments, which can slow down detection and banning.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"production-ready-jail-local-template\"><strong>Production-Ready jail.local Template<\/strong><\/h2>\n\n\n\n<p>Use this curated template as a starting point. Adjust ports, services, and actions for your stack (SSH, NGINX\/Apache, Postfix\/Dovecot, etc.).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/jail.local\n\n&#91;DEFAULT]\nbackend = systemd\nlogtarget = SYSLOG\nusedns = warn\nignoreip = 127.0.0.1\/8 ::1 192.0.2.0\/24\nbantime = 30m\nfindtime = 15m\nmaxretry = 6\nbantime.increment = true\nbantime.factor = 4\nbantime.formula = bantime * (1 + failures \/ 6)\ndbpurgeage = 1d\nbanaction = nftables-multiport\nbanaction_allports = nftables-allports\naction = %(action_mw)s  # ban + whois + email (optional)\n\n&#91;sshd]\nenabled = true\njournalmatch = _SYSTEMD_UNIT=ssh.service\nport = ssh\nfilter = sshd\nlogpath = journal\nmaxretry = 6\nfindtime = 15m\nbantime = 30m\n\n&#91;nginx-http-auth]\nenabled = true\njournalmatch = _SYSTEMD_UNIT=nginx.service\nport = http,https\nfilter = nginx-http-auth\nlogpath = journal\nmaxretry = 5\n\n&#91;nginx-botsearch]\nenabled = true\njournalmatch = _SYSTEMD_UNIT=nginx.service\nport = http,https\nfilter = nginx-botsearch\nlogpath = journal\nmaxretry = 3\nfindtime = 10m\nbantime = 1h\n\n&#91;postfix]\nenabled = true\njournalmatch = _SYSTEMD_UNIT=postfix.service\nport = smtp,ssmtp,submission\nfilter = postfix\nlogpath = journal\nmaxretry = 5\n\n&#91;dovecot]\nenabled = true\njournalmatch = _SYSTEMD_UNIT=dovecot.service\nport = pop3,pop3s,imap,imaps\nfilter = dovecot\nlogpath = journal\nmaxretry = 5\n\n&#91;recidive]\nenabled = true\nbackend = systemd\nlogpath = journal\nbantime = 1d\nfindtime = 1d\nmaxretry = 5\nbanaction = nftables-allports<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"manage-monitor-and-test-efficiently\"><strong>Manage, Monitor, and Test Efficiently<\/strong><\/h2>\n\n\n\n<p>Use these commands to inspect state, diagnose filters, and apply changes without service disruption.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># View global status and per-jail stats\nsudo fail2ban-client status\nsudo fail2ban-client status sshd\n\n# Reload config after edits\nsudo fail2ban-client reload\n# or with sanity checks\nsudo fail2ban-client -d\nsudo systemctl reload fail2ban\n\n# Unban a specific IP (example)\nsudo fail2ban-client set sshd unbanip 203.0.113.45\n\n# Inspect logs via journald\njournalctl -u fail2ban -b\njournalctl -u fail2ban --since \"1 hour ago\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"advanced-scaling-tips\"><strong>Advanced Scaling Tips<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-ipset-or-nft-sets-for-large-ban-lists\"><strong>Use ipset or nft Sets for Large Ban Lists<\/strong><\/h3>\n\n\n\n<p>Hundreds of individual firewall rules slow packet processing. Sets allow O(1) membership checks and keep firewall rules minimal. Use iptables-ipset or nftables actions designed for sets.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-service-specific-jails-with-tight-filters\"><strong>Create Service-Specific Jails with Tight Filters<\/strong><\/h3>\n\n\n\n<p>Separate jails for SSH, web auth, mail, and admin panels provide clear visibility and tailored thresholds. For example, aggressive bans for admin pages, but less aggressive for public endpoints that see more user mistakes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"integrate-notifications-and-siem\"><strong>Integrate Notifications and SIEM<\/strong><\/h3>\n\n\n\n<p>Use action_mw or action_mwl for email alerts. For centralized logging, forward Fail2ban events to syslog and into your SIEM. Rate-limit notifications to avoid alert fatigue.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-mistakes-to-avoid\"><strong>Common Mistakes to Avoid<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Watching huge generic logs instead of using journald filters.<\/li>\n\n\n\n<li>Overly short bantime that attackers easily bypass.<\/li>\n\n\n\n<li>Not enabling recidive for persistent repeat offenders.<\/li>\n\n\n\n<li>Failing to whitelist trusted IP ranges, causing self-lockouts.<\/li>\n\n\n\n<li>Using <a href=\"https:\/\/www.youstable.com\/blog\/use-iptables-on-linux\/\">iptables rules without sets on high-traffic servers<\/a>.<\/li>\n\n\n\n<li>Leaving usedns at default in latency-sensitive environments.<\/li>\n\n\n\n<li>Not testing filters with fail2ban-regex before deploying.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-cheatsheet\"><strong>Troubleshooting Cheatsheet<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Jail not banning: check \u201cfail2ban-client status jailname\u201d to verify matches; increase loglevel and inspect \u201cjournalctl -u fail2ban\u201d.<\/li>\n\n\n\n<li>Filter misses attacks: validate with fail2ban-regex; update to latest filters in \/etc\/fail2ban\/filter.d\/.<\/li>\n\n\n\n<li>Bans vanish after reboot: ensure fail2ban is enabled; prefer nft\/ipset actions with persistent sets; verify systemd unit enabled.<\/li>\n\n\n\n<li>High CPU or I\/O: switch to backend=systemd and use journalmatch; prune DB with dbpurgeage; reduce number of jails and noisy logs.<\/li>\n\n\n\n<li>Conflicts with Docker: use DOCKER-USER chain or nftables; ensure your banaction doesn\u2019t clash with container rules.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-and-performance-checklist\"><strong>Security and Performance Checklist<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>backend=systemd with journalmatch per service<\/li>\n\n\n\n<li>Reasonable bantime\/findtime\/maxretry plus bantime.increment<\/li>\n\n\n\n<li>nftables or ipset-based banaction for scale<\/li>\n\n\n\n<li>recidive enabled with allports action<\/li>\n\n\n\n<li>ignoreip for office\/VPN\/monitoring<\/li>\n\n\n\n<li>usedns=warn or no to reduce latency<\/li>\n\n\n\n<li>dbpurgeage set to keep SQLite DB small<\/li>\n\n\n\n<li>Regular filter tests with fail2ban-regex<\/li>\n\n\n\n<li>Per-service jails and tailored thresholds<\/li>\n\n\n\n<li>Consistent monitoring via fail2ban-client and journald<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-optimizing-fail2ban-on-linux\"><strong>FAQs: Optimizing Fail2ban on Linux<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765868171259\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-are-the-best-bantime-findtime-and-maxretry-values\"><strong>What are the best bantime, findtime, and maxretry values?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>For most servers, start with bantime=30m, findtime=15m, maxretry=6, and enable bantime.increment with a factor around 4. Increase bantime for repeat offenders via the recidive jail. Always test against your real traffic patterns.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765868178707\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-use-nftables-iptables-ufw-or-firewalld-with-fail2ban\"><strong>Should I use nftables, iptables, UFW, or firewalld with Fail2ban?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use your distribution\u2019s native firewall: nftables on modern Debian\/Ubuntu and RHEL derivatives, UFW on Ubuntu if you already manage with UFW, and firewalld on RHEL\/CentOS\/Alma\/Rocky. For large ban lists, prefer nft sets or ipset actions.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765868186841\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-journald-faster-than-file-based-log-parsing\"><strong>Is journald faster than file-based log parsing?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. backend=systemd reads directly from journald, reduces disk I\/O, and avoids issues after log rotation. Combine it with journalmatch filters to monitor only the necessary services.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765868197008\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-prevent-false-positives\"><strong>How do I prevent false positives?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Whitelist trusted IPs with ignoreip, use per-service jails with appropriate thresholds, and validate filters using fail2ban-regex against recent logs. Monitor bans and adjust filters or thresholds where legitimate users are impacted.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765868205279\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-does-the-recidive-jail-do\"><strong>What does the recidive jail do?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>recidive aggregates offenders that trip multiple jails over time and applies longer, often all-port bans. It\u2019s one of the most effective ways to handle persistent, distributed brute-force attempts without harming normal user behavior.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To optimize Fail2ban on a Linux server, use the systemd backend for faster log scanning, tune bantime\/findtime\/maxretry with incremental bans, [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":15468,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13733","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Optimize-Fail2ban-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13733"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13733\/revisions"}],"predecessor-version":[{"id":15469,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13733\/revisions\/15469"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15468"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}