# - Configure fail2ban as systemd service # - cat << EOF > /etc/systemd/system/fail2ban.service [Unit] Description=Fail2Ban Service Documentation=man:fail2ban(1) After=network.target iptables.service firewalld.service ip6tables.service ipset.service ipt-firewall.service ip6t-firewall.service PartOf=iptables.service firewalld.service ip6tables.service ipset.service ipt-firewall.service ip6t-firewall.service [Service] Type=simple ExecStartPre=/bin/mkdir -p /var/run/fail2ban ExecStart=/usr/local/bin/fail2ban-server -xf start # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local # ExecStart=/usr/local/bin/fail2ban-server -xf --logtarget=sysout start ExecStop=/usr/local/bin/fail2ban-client stop ExecReload=/usr/local/bin/fail2ban-client reload PIDFile=/var/run/fail2ban/fail2ban.pid Restart=on-failure RestartPreventExitStatus=0 255 [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable fail2ban.service # - An alternative systemd configuration # - cat << EOF > /etc/systemd/system/fail2ban.service [Unit] Description=Fail2Ban Service Documentation=man:fail2ban(1) After=network.target iptables.service firewalld.service ipt-firewall.service ip6t-firewall.service PartOf=iptables.service firewalld.service ipt-firewall.service ip6t-firewall.service [Service] Type=forking ExecStart=/usr/bin/fail2ban-client -x start ExecStop=/usr/bin/fail2ban-client stop ExecReload=/usr/bin/fail2ban-client reload PIDFile=/var/run/fail2ban/fail2ban.pid Restart=always [Install] WantedBy=multi-user.target EOF