Scans log files and check for in appropriate password activities and update and uses firewall (IPTables) to restrict (stop for a period of time) these activities. So fail2ban limits incorrect authorisation attempts, thereby reducing, but not entirely eliminating associated risks and bandwidths. It is primarily used on port and associated services open to the public. DigitalOcean How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04 and How Fail2Ban Works to Protect Services on a Linux Server. Also see the wiki of Fail2Ban on nftables and Fail2ban Add support for nftables #1118 and Add nftables actions #1292.

• sudo apt install fail2ban to install fail2ban
• sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local copy the main configuration file to a local file to be modified. It is recommended not to change the main file as it is updated with the package.
• sudo vim /etc/fail2ban/jail.local and adjust the following basic settings:
  • ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24
  • bantime = 60m
  • findtime = 60m
  • maxretry = 4
• then adjust each jail to be activated:

  • [postfix]
    # To use another modes set filter parameter "mode" in jail.local:
    enable  = true
    mode    = more
    bantime = 12h
    port    = smtp,465,submission
    logpath = %(postfix_log)s
    backend = %(postfix_backend)s 

  • [postfix-sasl]
    enabled  = true
    bantime  = 12h
    filter   = postfix[mode=auth]
    port     = smtp,465,submission,imap,imaps,pop3,pop3s
    # You might consider monitoring /var/log/mail.warn instead if you are
    # running postfix since it would provide the same log lines at the
    # "warn" level but overall at the smaller filesize.
    logpath  = %(postfix_log)s
    backend  = %(postfix_backend)s

• sudo systemctl restart fail2ban
• sudo systemctl restart fail2ban or journalctl -u fail2ban -xe to check fail2ban start correctly
• sudo iptables -S to check iptable