How to upgrade Fail2Ban to support IPv6

How to upgrade to Fail2Ban version 0.10.1 to support IPv6 brute-force protection

Fail2Ban, the, as we Germans say, egg-laying, wool-making, milk-producing female pig

Fail2Ban is one of the tools every webmaster has to have running on their machines to sort out the bad apples from the good ones. Fail2Ban reads the server's log files and looks for certain login attempt patterns.

The downside was no support for IPv6

While it took very good care of login attempts from IPv4 addresses, every server reachable over an IPv6 address was not secured by it. Luckily, this has changed. In August this year, Fail2Ban released version 0.10.0 and added IPv6 support for the very first time. Just a few days ago, on Thursday 12th 2017, version 0.10.1 was released and brought some more optimizations. Check out the change log on GitHub.
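The gap described above, as an added example that is not part of the original post and not Fail2Ban's own code: a small log scanner run over constructed sshd lines, once with an IPv4-only pattern and once with a dual-stack pattern. The two regular expressions, the threshold of 3 and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd-style log lines (documentation address ranges only).
SAMPLE_LOG = """\
Oct 14 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
Oct 14 10:00:03 web1 sshd[812]: Failed password for root from 203.0.113.7 port 4243 ssh2
Oct 14 10:00:05 web1 sshd[813]: Failed password for root from 203.0.113.7 port 4244 ssh2
Oct 14 10:00:07 web1 sshd[814]: Failed password for admin from 2001:db8::bad port 5151 ssh2
Oct 14 10:00:09 web1 sshd[815]: Failed password for admin from 2001:0db8:0:0:0:0:0:0bad port 5152 ssh2
Oct 14 10:00:11 web1 sshd[816]: Failed password for admin from 2001:db8::bad port 5153 ssh2
Oct 14 10:00:13 web1 sshd[817]: Accepted password for deploy from 198.51.100.20 port 6000 ssh2
Oct 14 10:00:15 web1 sshd[818]: Failed password for git from 198.51.100.20 port 6001 ssh2
"""

# Hypothetical filters for this example, not Fail2Ban's own <HOST> expression.
V4_ONLY = re.compile(r"Failed password for \S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")
DUAL_STACK = re.compile(r"Failed password for \S+ from ([0-9A-Fa-f:.]+) port \d+")

MAX_RETRY = 3  # assumed threshold for this example


def failures(log_text, pattern):
    """Count failed logins per source address, keyed by canonical form."""
    counts = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # looked like an address but is not a valid one
        counts[addr.compressed] += 1  # expanded and short IPv6 forms count together
    return counts


def to_ban(log_text, pattern, max_retry=MAX_RETRY):
    """Return the sorted addresses that reached max_retry failures."""
    hits = failures(log_text, pattern)
    return sorted(a for a, n in hits.items() if n >= max_retry)


if __name__ == "__main__":
    print("IPv4-only filter bans: ", to_ban(SAMPLE_LOG, V4_ONLY))
    print("Dual-stack filter bans:", to_ban(SAMPLE_LOG, DUAL_STACK))
```

With the IPv4-only pattern the three failures from the IPv6 source are never counted, so that address never reaches the ban threshold.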

Well, since Fail2Ban now supports IPv6 and many servers running Ubuntu or Debian still have the old 0.9.x version in their repositories, there is a large demand among admins to get Fail2Ban updated right away.

How to update Fail2Ban on Ubuntu / Debian

To update Fail2Ban, simply run these commands. To avoid conflicts, we first uninstall the current version that was installed from the Ubuntu / Debian repositories and autoremove python3-pyinotify. Then we install python3-pyinotify again.

apt remove fail2ban -y && apt autoremove -y
apt install python3-pyinotify

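In the next step we will download Fail2Ban from GitHub, unpack it, move it to /etc/fail2ban/ and install it with:

cd /tmp/
# download the 0.10.1 release tarball from the Fail2Ban GitHub repository
wget https://github.com/fail2ban/fail2ban/archive/0.10.1.tar.gz
tar xvf 0.10.1.tar.gz
# make sure the target directory exists, then move the sources there
mkdir -p /etc/fail2ban/
mv fail2ban-0.10.1/* /etc/fail2ban/
cd /etc/fail2ban/
# run the installer shipped in the source tree
python setup.py install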

At this point Fail2Ban is not running yet, and I am sure you want it to start automatically after a reboot. To set that up, run the following commands:

cp files/debian-initd /etc/init.d/fail2ban
update-rc.d fail2ban defaults
systemctl unmask fail2ban
service fail2ban start

Make a short check with:

fail2ban-client -h

and you should get the following output:

Usage: fail2ban-client [OPTIONS] 

Fail2Ban v0.10.1 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

And that’s it. From now on you have the latest version of Fail2Ban running on your server, which also brings support for IPv6.

Please take a moment or two to read the release notes for version 0.10.0. Fail2Ban has changed a lot of things, and it is possible that some of your older filters will not work anymore and you will have to update them.

2 thoughts on “How to upgrade Fail2Ban to support IPv6”

  1. Many thanks for this guide. I did not realise/remember that this was a python utility, and thus by using “apt remove” I would not have to worry about update/upgrade messing with the manual install of send2fail.

  2. Great thanks! Practical and effective 🙂
