Free Tool
Fail2Ban Config Generator
Generate ready-to-use Fail2Ban jail configurations for SSH, web servers, mail servers, and custom services. Includes filter patterns, ban actions, and best-practice defaults.
Validate the configuration with fail2ban-client -t before restarting the service. Use fail2ban-regex to test filter patterns against your log files. Overly aggressive settings can lock out legitimate users.
Understanding Fail2Ban Parameters
maxretry
Number of failures before a host is banned. Set lower for sensitive services (SSH: 3-5) and higher for web (5-10). Too low causes false positives; too high is ineffective.
bantime
Duration of the ban in seconds. Common values: 600 (10 min) for mild, 3600 (1 hour) for moderate, 86400 (24 hours) for aggressive. Use -1 for permanent bans.
findtime
Time window in which maxretry failures must occur to trigger a ban. If set to 600, the host must fail maxretry times within 10 minutes to get banned.
action
What happens when a ban triggers. iptables-multiport blocks via iptables, nftables-multiport uses nftables, firewallcmd-rich-rules uses firewalld. Some actions also send email alerts.
filter
The regex pattern file that Fail2Ban uses to detect failures in log files. Built-in filters exist for common services. Custom filters go in /etc/fail2ban/filter.d/.
logpath
Path to the log file that Fail2Ban monitors for the jail. Supports glob patterns. Ensure Fail2Ban has read permission on the log file.
ignoreip
IPs or CIDR ranges that should never be banned. Always include your own IPs and management networks. Separate multiple entries with spaces.
fail2ban-regex
Test tool: fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf - shows matches against real log data. Always test before deploying.
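To see how maxretry, findtime, bantime and ignoreip interact, the following added example (not part of the generator and not Fail2Ban's own code) replays constructed sshd-style log lines through a simplified sliding-window model of a jail. The log lines, the regex and the function name simulate_jail are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log lines (sample data, not from a real host).
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
2024-05-01T10:00:20 sshd[812]: Failed password for root from 203.0.113.7 port 4243 ssh2
2024-05-01T10:00:40 sshd[813]: Failed password for admin from 10.0.0.5 port 5000 ssh2
2024-05-01T10:00:50 sshd[814]: Failed password for admin from 10.0.0.5 port 5001 ssh2
2024-05-01T10:01:00 sshd[815]: Failed password for admin from 10.0.0.5 port 5002 ssh2
2024-05-01T10:01:10 sshd[816]: Failed password for root from 203.0.113.7 port 4244 ssh2
2024-05-01T10:02:00 sshd[817]: Failed password for bob from 198.51.100.9 port 6000 ssh2
2024-05-01T10:20:00 sshd[818]: Failed password for bob from 198.51.100.9 port 6001 ssh2
2024-05-01T10:40:00 sshd[819]: Failed password for bob from 198.51.100.9 port 6002 ssh2
"""

# Simplified stand-in for a failregex; Fail2Ban's shipped sshd filter is broader.
FAIL_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for \S+ from (\S+) port")

def simulate_jail(log_text, maxretry, findtime, bantime, ignoreip=""):
    """Return [(ip, banned_at, unban_at)] in epoch seconds; unban_at is None if permanent."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip.split()]
    recent = defaultdict(deque)   # ip -> failure timestamps still inside findtime
    banned_until = {}             # ip -> unban time (None = permanent)
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1) + "+00:00").timestamp()
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored):
            continue                      # ignoreip: never counted, never banned
        if ip in banned_until and (banned_until[ip] is None or ts < banned_until[ip]):
            continue                      # still banned; the firewall would drop it
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - findtime:
            window.popleft()              # drop failures older than findtime
        if len(window) >= maxretry:
            until = None if bantime < 0 else ts + bantime   # negative = permanent
            banned_until[ip] = until
            bans.append((str(ip), ts, until))
            window.clear()
    return bans
```

With maxretry=3, findtime=600 and ignoreip covering 10.0.0.0/8, only 203.0.113.7 is banned: the management address is skipped, and the slow source at 198.51.100.9 is only caught once findtime is widened to 3600.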