Fail2Ban is an intrusion prevention framework written in the Python programming language. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally (for example, iptables or TCP Wrapper). Fail2Ban’s main function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (e.g. /var/log/pwdfail, /var/log/auth.log, etc.) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.

Fail2Ban can perform multiple actions whenever an abusive IP is detected. It can update Netfilter/iptables firewall rules, or alternatively TCP Wrappers’ hosts.deny table, to reject an abuser’s IP address, email notifications, or any user-defined action that can be carried out by a Python script.