How to protect your IPv6 Debian server using fail2ban
Dual-stack IPv4 / IPv6 connectivity support was finally added to fail2ban during 2017. This tutorial explains how to install a fail2ban version that protects both IPv4 and IPv6 servers.
The main purpose of fail2ban is to find and temporarily ban IP addresses with aggressive behavior against vulnerable services, analyzing their failed login attempts.
A password attack consists on testing many frequently used passwords (dictionary attack) or all possible combinations of a given length (brute force attack).
A fail2ban version with IPv6 support is available for Debian Stretch and Debian Buster in this Debian repository, though it will be available in the official Debian repository one day.
Replace the following green lines with the bolded ones in /etc/fail2ban/jail.local (if present only).
Install or upgrade fail2ban
These commands will install or upgrade fail2ban using either our Debian repository or direct download respectively.
apt-get install fail2ban
apt-get install python3
dpkg -i fail2ban.deb; rm fail2ban.deb
Enable jails to protect vulnerable services
There are many jails you can enable, for more information read /etc/fail2ban/jail.conf, but edit /etc/fail2ban/jail.local instead.
Below are some examples. Once finished, reload the configuration files running
fail2ban-client reload command.
Check version and status
Dual-stack IPv4 / IPv6 support was added to version 0.10.0, running the following commands you can check your fail2ban version number and status.