# - Configure fail2ban as systemd service
# -
cat << EOF > /etc/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service ipt-firewall.service ip6t-firewall.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service ipt-firewall.service ip6t-firewall.service
[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/local/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/local/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/local/bin/fail2ban-client stop
ExecReload=/usr/local/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable fail2ban.service
# - An alternative systemd configuration
# -
cat << EOF > /etc/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ipt-firewall.service ip6t-firewall.service
PartOf=iptables.service firewalld.service ipt-firewall.service ip6t-firewall.service
[Service]
Type=forking
ExecStart=/usr/bin/fail2ban-client -x start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=always
[Install]
WantedBy=multi-user.target
EOF
