Date: 2025sep2 Distro: RedHat/Fedora/CentOS OS: Linux Q. fail2ban: How to setup on Fedora A. Do not directly modify /etc/fail2ban/jail.conf since that file might be replaced. In fact the top of the file says:

# Changes: in most of the cases you should not modify this # file, but provide customizations in jail.local file, # or separate .conf files under jail.d/ directory, e.g.:

At least on Fedora, you should not make a jail.local copy. You don't want to duplicate all the settings. The Fedora way is to have minimal config files. So you create a file in /etc/fail2ban/jail.d named local.conf or similar. Or you can make one file service if you want. To keep maintenance simple, only specify the settings you want overridden. Here is a example /etc/fail2ban/jail.d/local.conf file from fedoraproject.org:

[DEFAULT] bantime = 24h sender = fail2ban@example.com destemail = root action = %(action_mwl)s [sshd] enabled = true

Its a very small number of lines but does the job. Now, restart fail2ban:

systemctl restart fail2ban

Check that its working:

systemctl status fail2ban