macOS
brew install fail2banlocal Homebrew formula metadata
sudo port install fail2banMacPorts ports tree · security/fail2ban/Portfile · source: api.github.com
brew
Scan log files and ban IPs showing malicious signs. Version 1.1.0 via Homebrew; verified from local package data.
install
brew install fail2banlocal Homebrew formula metadata
sudo port install fail2banMacPorts ports tree · security/fail2ban/Portfile · source: api.github.com
sudo apk add fail2banAlpine Linux edge package indexes · fail2ban · source: dl-cdn.alpinelinux.org
sudo apt install fail2banDebian stable package indexes · fail2ban · source: deb.debian.org
sudo dnf install fail2banFedora Rawhide package metadata · fail2ban · source: dl.fedoraproject.org
nix profile install nixpkgs#fail2bannixpkgs package indexes · pkgs/by-name/fa/fail2ban/package.nix · source: api.github.com
sudo pacman -S fail2banArch Linux sync databases · fail2ban · source: geo.mirror.pkgbuild.com
sudo zypper install fail2banopenSUSE Tumbleweed package metadata · fail2ban · source: download.opensuse.org
overview
Scan log files and ban IPs showing malicious signs
history
Fail2Ban is a long-running Python daemon and command-line toolkit for reacting to hostile log patterns by banning hosts through firewall actions. Its core appeal has stayed stable since the early releases: watch authentication and service logs, count repeated failures, and temporarily block the offending address.
The official changelog records Fail2Ban releases back to 0.1.0 in October 2004. Early 0.x releases moved quickly through alpha, beta, and stable lines, with 0.6.0 stable in 2005, the 0.7 branch in 2006, and 0.8.0 stable in 2007. The README still credits Cyril Jaquier as original author and describes the project as community-driven for years.
The 0.9 series, beginning in 2014, marked the modern service-management era by adding a systemd journal backend. The 0.10 line followed with IPv6 work, including an alpha labeled for IPv6 support in 2016 and a 0.10.0 release in 2017. Later releases continued to refine journald, iptables, nftables, firewalld, pf, and service-specific filters.
The 1.x line arrived with 1.0.1 and 1.0.2 releases in 2022 and 1.1.0 in 2024. These releases focused less on changing the basic model and more on compatibility, security, and operational maintenance: Python version support, CVE fixes, systemd backend stability, IPv6 auto-detection, newer service log formats, and additional filters and actions.
Fail2Ban became part of the standard Linux server-security toolbox because it matched the common shape of internet-facing Unix services: SSH, mail, web, and database daemons emitting failed-authentication logs. The project README says it is likely already packaged for a user's Linux distribution, and the supplied package-manager facts show broad availability across Alpine, Debian, Fedora/DNF, Homebrew, MacPorts, Nix, Arch, Ubuntu, and openSUSE.
Its adoption has been helped by configuration conventions that distributions can ship and administrators can override. Stock jails, filters, actions, and path files let package maintainers encode distribution-specific log locations while users keep local policy in `/etc/fail2ban`, especially `jail.local` and `jail.d` snippets.
A typical Fail2Ban deployment installs the daemon, enables selected jails such as `sshd`, and lets `fail2ban-server` monitor logs while administrators use `fail2ban-client` for status, reloads, and manual control. The README explicitly warns users to interact through `fail2ban-client` rather than calling the server directly.
The package also matters to operators because `fail2ban-regex` gives a local way to test filters against log samples before enabling bans. That workflow, plus filter and action directories, made Fail2Ban not just a daemon but a small domain-specific toolkit for converting service logs into firewall state.
Fail2Ban is significant in package-manager culture because it is both ordinary and sharp-edged: a tiny install command can place a privileged daemon, distro-specific defaults, init/systemd integration, and firewall actions on a host. Packagers must get paths, service units, Python dependencies, and default actions right or administrators either get no protection or accidental lockouts.
It is also a classic example of a package whose value comes from accumulated operational knowledge. The code is important, but the long tail of maintained filters for OpenSSH, Apache, nginx, Postfix, Dovecot, Exim, and many other services is why administrators keep installing it.
security posture
broad file, network, media, or database tool signal. formula declares a Homebrew service.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/fail2ban/jail.conf/etc/fail2ban/jail.local/etc/fail2ban/jail.d/*.conf/etc/fail2ban/filter.d/*.conf/etc/fail2ban/action.d/*.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
fail2ban-client | cli | global executable | |
fail2ban-python | cli | global executable | |
fail2ban-regex | cli | global executable | |
fail2ban-server | cli | global executable | |
fail2ban-testcases | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/fail2ban/fail2ban
install metadata
| Package key | brew:fail2ban |
|---|---|
| Version | 1.1.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/fail2ban |
| Homepage | https://www.fail2ban.org/ |
| Repository | https://github.com/fail2ban/fail2ban |
| Upstream docs | https://fail2ban.readthedocs.io/ |
| License | GPL-2.0-or-later |
| Source archive | https://github.com/fail2ban/fail2ban/archive/refs/tags/1.1.0.tar.gz |
| Dependencies | python@3.14 |
| Build dependencies | sphinx-doc |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | declared |
| Caveats | You must enable any jails by editing: $HOMEBREW_PREFIX/etc/fail2ban/jail.conf Other configuration files are in $HOMEBREW_PREFIX/etc/fail2ban. See more instructions at https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration. |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | fail2ban |
| Version Scheme | 0 |
| Revision | 2 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
fail2ban 1.1.0-8
ban hosts that cause multiple authentication errors
sudo apt install fail2banfail2ban
nix profile install nixpkgs#fail2banfail2ban 1.0.2-3
ban hosts that cause multiple authentication errors
sudo apt install fail2banfail2ban 1.1.0-r3
Scans log files for login failures then updates iptables to reject originating ip address
sudo apk add fail2banfail2ban-doc 1.1.0-r3
Scans log files for login failures then updates iptables to reject originating ip address (documentation)
sudo apk add fail2ban-docfail2ban-openrc 1.1.0-r3
Scans log files for login failures then updates iptables to reject originating ip address (OpenRC init scripts)
sudo apk add fail2ban-openrcfail2ban-pyc 1.1.0-r3
Precompiled Python bytecode for fail2ban
sudo apk add fail2ban-pycfail2ban-tests 1.1.0-r3
Fail2ban test cases
sudo apk add fail2ban-testsfail2ban 1.1.0-17.fc45
Daemon to ban hosts that cause multiple authentication errors
sudo dnf install fail2banfail2ban-all 1.1.0-17.fc45
Install all Fail2Ban packages and dependencies
sudo dnf install fail2ban-allfail2ban-firewalld 1.1.0-17.fc45
Firewalld support for Fail2Ban
sudo dnf install fail2ban-firewalldfail2ban-hostsdeny 1.1.0-17.fc45
Hostsdeny (tcp_wrappers) support for Fail2Ban
sudo dnf install fail2ban-hostsdenyfail2ban-mail 1.1.0-17.fc45
Mail actions for Fail2Ban
sudo dnf install fail2ban-mailfail2ban-selinux 1.1.0-17.fc45
SELinux policies for Fail2Ban
sudo dnf install fail2ban-selinuxfail2ban-sendmail 1.1.0-17.fc45
Sendmail actions for Fail2Ban
sudo dnf install fail2ban-sendmailfail2ban-server 1.1.0-17.fc45
Core server component for Fail2Ban
sudo dnf install fail2ban-serversource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.