I just installed this and configured it on my FC7 server based on the write-up on here. This is my jail.conf file: Code: # Fail2Ban configuration file # # Author: Cyril Jaquier # # $Revision: 617 $ # # The DEFAULT allows a global definition of the options. They can be override # in each jail afterwards. [DEFAULT] # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space separator. ignoreip = 127.0.0.1 192.168.1.150 192.168.1.110 126.96.36.199 # "bantime" is the number of seconds that a host is banned. bantime = 600 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 600 # "maxretry" is the number of failures before a host get banned. maxretry = 3 # "backend" specifies the backend used to get files modification. Available # options are "gamin", "polling" and "auto". This option can be overridden in # each jail too (use "gamin" for a jail and "polling" for another). # # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin # is not installed, Fail2ban will use polling. # polling: uses a polling algorithm which does not require external libraries. # auto: will choose Gamin if available and polling otherwise. backend = auto # This jail corresponds to the standard configuration in Fail2ban 0.6. # The mail-whois action send a notification e-mail with a whois request # in the body. [ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, dest=root, sender=[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected] I am tailing my /var/log/messages log and i can see someone constantly trying to log into via FTP, but when I look at the fail2ban logs, I don't see anything trying to stop them. Code: [root@ns1 ~]# tail -f /var/log/fail2ban.log Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> 2008-10-13 22:31:13,601 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started From: Fail2Ban <<sender>> To: <dest>\n Hi,\n The jail <name> has been started successfully.\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest> 2008-10-13 22:31:13,605 fail2ban.actions.action: INFO Set actionUnban = 2008-10-13 22:31:13,608 fail2ban.actions.action: INFO Set actionCheck = Is my config not set up correctly?