I recently installed fail2ban on a VPS ( Ubuntu 20.04 ), with a very simple configuration to disperse ssh brute-force attackers.
I am using fail2ban with ufw ( banaction = ufw ) and I decided to ban them permanently ( bantime = -1 ).
This works great and it's exactly the result I was after. One caveat though:
When looking at the lengthy list of banned IP's returned by fail2ban and ufw status queries after 10 days it makes me wonder:
Is this setup going to lead to storage problems eventually?
( This is a matter of experience, and I have next to none in this field ).
If storage might become an issue, would it perhaps be a better idea to work with finite bantime values?
I have deliberately chosen a very simply setup ( in line with the limited knowledge and time I have ). Here is the simple sshd jail I defined in 'jail.local':
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 7
banaction = ufw
findtime = 86400
bantime = -1
