How to use fail2ban?

Apologies if this is a simple request. I have installed fail2ban and am not quite sure how I should be setting it up. I would like to activate it for SSH and LuCI login. I have edited the jail.conf file in the following areas:


# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.

mode   = normal
port    = ssh
logpath = /var/log/auth.log


port     = ssh
logpath  = /var/log/auth.log

After resetting fail2ban, fail2ban-client status shows the number of jails as 0. I haven't made any changes to fail2ban.conf.

Not quite sure how to proceed. Also, not certain if this is also covering LuCI login. Any help would be really appreciated!

That's not really an OpenWrt question, but fail2ban ....

However ...

enabled = true
mode = aggressive
maxretry = 2

Thanks for replying. I understand this is not the best place, but I thought that there may be specific configs for OpenWrt? Still not working by entering that. Do you have it set up yourself? What were the steps you took, if you don't mind me asking?

I have, but I use it on Fedora.

What doesn't work: banning, or won't the jail enable?

The jail won't enable. Apart from what I mentioned, I haven't configured anything else.

Just installed it on OpenWrt.

It's (in my case) because the log file the SSH jail is supposed to read doesn't exist;
if I create an empty file (by touch), the jail will get enabled.
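
The cause described in the reply above (a jail that stays disabled because its logpath file does not exist) can be checked before restarting fail2ban. This script is an added example, not part of the original posts or of fail2ban; the name `check_jails` is made up, and it assumes literal single-line `logpath` values and a file-based backend.

```shell
#!/bin/sh
# Added example (not from the thread). Usage:
#   sh check_jails.sh /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Files are merged in the order given, later ones overriding earlier ones.
# Limits: literal single-line logpath values only, file-based backend assumed.

check_jails() {
    problems=0
    tab=$(printf '\t')
    # awk prints "jail<TAB>logpath" for every jail that ends up enabled.
    list=$(awk '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[[^]]+\][ \t]*$/ {               # [section] header
            jail = $0
            sub(/^[ \t]*\[/, "", jail); sub(/\][ \t]*$/, "", jail)
            if (!(jail in seen)) { seen[jail] = 1; order[++n] = jail }
            next
        }
        jail != "" && (i = index($0, "=")) {      # key = value
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") en[jail] = val
            if (key == "logpath") lp[jail] = val
        }
        END {
            for (k = 1; k <= n; k++) {
                j = order[k]; if (j == "DEFAULT") continue
                e = (j in en) ? en[j] : en["DEFAULT"]
                p = (j in lp) ? lp[j] : lp["DEFAULT"]
                if (tolower(e) ~ /^(1|on|true|yes)$/) print j "\t" p
            }
        }
    ' "$@")
    while IFS=$tab read -r jail path; do
        [ -n "$jail" ] || continue
        case $path in
            "")     state=NO-LOGPATH ;;
            *%\(*)  state=UNRESOLVED ;;           # %(name)s interpolation: not guessed
            *)      if [ -e "$path" ]; then state=OK; else state=MISSING; fi ;;
        esac
        case $state in MISSING|NO-LOGPATH) problems=$((problems + 1)) ;; esac
        printf '%s %s %s\n' "$jail" "$state" "$path"
    done <<EOF
$list
EOF
    return "$problems"
}

if [ "$#" -gt 0 ]; then check_jails "$@"; fi
```

The exit status is the number of enabled jails reported as MISSING or NO-LOGPATH, so 0 means every enabled jail with a literal logpath has a file to read.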

Thanks for that - I had to enable the log to be written to a file. Then created a jail.local file, and I have SSH protection by enabling the dropbear jail.

Is there a way to also protect against LuCI logins? It doesn't seem to support uhttpd, but I just want to check I'm not missing anything.

Thanks for the help.

Don't think so, but I don't run it on OpenWrt.

Check if lighttpd still is supported, could just replace the web server...

Another option is to write your own rules for uhttpd; it's no rocket science.

Thanks. I'll look into that!