An Effective Method to Quickly Set Up Fail2ban in Proxmox VE to Prevent Multiple Failed Login Attempts

This briefly introduces how to set up Fail2ban in Proxmox VE to temporarily block IP addresses with multiple failed login attempts.

Install Fail2ban

Execute the following commands as root on the Proxmox VE host:

apt update
apt install fail2ban

Configure Basic Settings

It is recommended to use the /etc/fail2ban/jail.local file, whose settings take precedence over jail.conf. Use the following command to copy the template:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Set Up Jail Using systemd Backend

Add the following at the end of the /etc/fail2ban/jail.local file:

[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
backend = systemd
maxretry = 3
findtime = 2d
bantime = 1h

Configure Filter

Create the file /etc/fail2ban/filter.d/proxmox.conf and add:

[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
journalmatch = _SYSTEMD_UNIT=pvedaemon.service

Enable Configuration

Restart the service using the following command:

systemctl restart fail2ban

Test Configuration

Attempt to log in through the web interface with an incorrect password or username, then test the configuration using the following command:

fail2ban-regex systemd-journal /etc/fail2ban/filter.d/proxmox.conf

Legacy Option: Using rsyslog Backend

Add the following at the end of the /etc/fail2ban/jail.local file:

[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
bantime = 1h

For more details, please visit Fail2ban Proxmox VE文档.