In version 5.00, Fail2ban has been added as a security guard, enabled by default, for better intrusion prevention on your device.
It has multiple filters enabled and mainly checks for suspicious activity in the following services and protocols:
Apache2 (HTTP/HTTPS)
SSHD
SMTP
PostgreSQL
1) Logging
The log is available at /var/log/fail2ban.log
Example:
2023-04-19 13:04:26,272 fail2ban.filter [745]: INFO [sshd] Found 192.168.0.105 - 2023-04-19 13:04:26
2023-04-19 16:00:11,249 fail2ban.filter [745]: INFO [apache-antibot] Found 192.168.0.105 - 2023-04-19 16:00:10
2023-04-19 16:00:11,624 fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105
The log records the activity of every IP address and shows which filter caught it.
2) Unbanning
First you need to determine which filter banned the IP. For example:
2023-04-19 16:00:11,624 fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105
The user at 192.168.0.105 was banned by the apache-antibot filter. To unban the address, you need to specify which filter (jail) caught the activity and the IP address, e.g.:
fail2ban-client set apache-antibot unbanip 192.168.0.105
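The lookup described above can be scripted. The following is an added example, not part of the original documentation or vendor code: it reads the log, matches the IP as an exact field (so 192.168.0.10 does not match 192.168.0.105), keeps only jails whose latest action for that IP is a ban, and prints the unban commands for review. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): list the jails whose most recent action
# for an IP in fail2ban.log is a ban, and print the matching unban commands.

# jails_banning LOGFILE IP -> one jail name per line
jails_banning() {
    # Allow only address characters so the value is safe to pass to awk.
    case "$2" in ''|*[!0-9A-Fa-f.:]*) echo "invalid IP: $2" >&2; return 2 ;; esac
    awk -v ip="$2" '
        # e.g. ... fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105
        $3 ~ /^fail2ban\.actions/ {
            for (i = 4; i < NF; i++) {
                if (($i != "Ban" && $i != "Unban") || $(i + 1) != ip) continue
                # "Restore Ban" (re-applied after a restart) has one extra word.
                jail = ($(i - 1) == "Restore") ? $(i - 2) : $(i - 1)
                if (jail !~ /^\[.+\]$/) continue
                state[substr(jail, 2, length(jail) - 2)] = $i
            }
        }
        END { for (j in state) if (state[j] == "Ban") print j }
    ' "$1" | sort
}

# unban_commands LOGFILE IP -> prints commands for review, does not run them
unban_commands() {
    jails_banning "$1" "$2" | while read -r jail; do
        printf 'fail2ban-client set %s unbanip %s\n' "$jail" "$2"
    done
}

# Constructed sample log in the format shown above (not real data).
sample_log() {
    cat <<'EOF'
2023-04-19 13:04:27,100 fail2ban.actions [745]: NOTICE [sshd] Ban 192.168.0.105
2023-04-19 13:14:27,300 fail2ban.actions [745]: NOTICE [sshd] Unban 192.168.0.105
2023-04-19 15:30:02,410 fail2ban.actions [745]: NOTICE [sshd] Ban 192.168.0.10
2023-04-19 16:00:11,249 fail2ban.filter [745]: INFO [apache-antibot] Found 192.168.0.105 - 2023-04-19 16:00:10
2023-04-19 16:00:11,624 fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105
EOF
}

demo_log=$(mktemp)
sample_log > "$demo_log"
unban_commands "$demo_log" 192.168.0.105
rm -f "$demo_log"
```

The script only sees the current log file, so bans recorded in rotated logs are missed; fail2ban-client status <jail> shows the live list of banned addresses for a jail.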