Fail2ban: enabling ipset in Debian Jessie

Prerequisite:

  • fail2ban
  • iptable
  • ipset

To enable ipset in fail2ban edit /etc/fail2ban/jail.conf
# vi /etc/fail2ban/jail.conf
...
[ssh-iptables-ipset4]

enabled = true # change this
port     = ssh
filter   = sshd
banaction = iptables-ipset-proto4
logpath = /var/log/auth.log
maxretry = 3

[ssh-iptables-ipset6]

enabled = true # change this
port     = ssh
filter   = sshd
banaction = iptables-ipset-proto6
logpath = /var/log/auth.log
maxretry = 3
...
Restart your fail2ban
# /etc/init.d/fail2ban restart