Fail2ban is a security framework written in the programming language Python. It is a server module that can be used on all Linux and POSIX systems with firewalls or packet filters. Fail2ban detects suspicious IP addresses (e.g. ones with multiple failed log-in attempts) in the server's log files. Once a certain number of failed attempts is reached, the suspicious address is automatically blocked for a predetermined period of time. Fail2ban administrators can also receive notices of the IP addresses via e-mail.
By default, Fail2ban comes with a range of filters for Apache, Postfix, and the Courier mail server; these recognize certain strings in log files. These filters trigger actions, which are commands that are executed at a predetermined point in time. The combination of a filter and an action, which can cause Fail2ban to block an IP address, is known as a jail. With Fail2ban, these jails can be programmed for any software that creates log files. Because Fail2ban is an open source framework under a GPL2 license, both its use and its extensions remain entirely free of charge.
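The filter, action and jail mechanism described above, sketched as an added example (not Fail2ban's own code). The log format, regex and sample lines are constructed, `run_jail` is a hypothetical name, and `maxretry`, `findtime` and `bantime` are named after Fail2ban's jail options, with recorded tuples standing in for the firewall commands.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Filter: regex that recognises a failure line and captures the offending host.
# Constructed for the sample lines below; not one of Fail2ban's shipped filters.
FAILREGEX = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password "
    r"for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) ")

def run_jail(lines, maxretry=3, findtime=600, bantime=3600):
    """Filter + action over log lines; returns the (action, host) calls made."""
    findtime, bantime = timedelta(seconds=findtime), timedelta(seconds=bantime)
    failures = defaultdict(deque)  # host -> recent failure times
    banned = {}                    # host -> time the ban expires
    actions = []                   # stands in for firewall commands
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        # Lift bans whose bantime has elapsed (clock = log timestamps here).
        for host in [h for h, until in banned.items() if until <= now]:
            del banned[host]
            actions.append(("unban", host))
        host = m["host"]
        if host in banned:  # already blocked, nothing more to do
            continue
        window = failures[host]
        window.append(now)
        while now - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = now + bantime
            del failures[host]
            actions.append(("ban", host))
    return actions

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = [
    "2024-05-01 10:00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "2024-05-01 10:00:05 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2",
    "2024-05-01 10:00:09 web1 sshd[813]: Accepted password for alice from 198.51.100.20 port 5100 ssh2",
    "2024-05-01 10:00:12 web1 sshd[814]: Failed password for root from 203.0.113.7 port 4024 ssh2",
    "2024-05-01 10:30:00 web1 sshd[815]: Failed password for bob from 198.51.100.20 port 5101 ssh2",
    "2024-05-01 11:00:13 web1 sshd[816]: Failed password for bob from 198.51.100.20 port 5102 ssh2",
]
```

Running `run_jail(SAMPLE_LOG)` bans 203.0.113.7 on its third failure and lifts the ban once a later log line shows the hour has passed; 198.51.100.20 is never banned because its two failures are more than `findtime` apart.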