A previous article described how to install Fail2Ban. You will regularly need to reboot your operating system to finish installing (security) updates. Without extra measures, previously banned IP addresses are lost when that happens. To make a ban permanent, first create a new file:
sudo touch /etc/fail2ban/ip.blacklist
Edit the file /etc/fail2ban/action.d/iptables-multiport.conf, search for actionban, and add the second line:
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            echo <ip> >> /etc/fail2ban/ip.blacklist
Now search for actionstart and add the fourth line:
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              cat /etc/fail2ban/ip.blacklist | sort | uniq | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done
Restart your service: sudo service fail2ban restart
You'll now see that as IPs are banned, they are also added to ip.blacklist. When the Fail2Ban service or your system is restarted, all the IPs listed in ip.blacklist are imported again.
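The import loop in actionstart hands every line of ip.blacklist to iptables unchecked, so it helps to vet the file first. The script below is an added example, not part of the original article: it keeps only unique, well-formed IPv4 addresses and prints the rules that would be loaded instead of running them. The function names, the sample addresses and the jail name sshd are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: vet ip.blacklist before its lines reach iptables.
# IPv4 only; sample addresses and the jail name "sshd" are constructed.

# Succeeds only for four dot-separated decimal octets in 0-255.
# Sets the scratch variables rest, count and octet.
is_ipv4() {
    rest=$1 count=0
    case $rest in ''|*[!0-9.]*) return 1 ;; esac
    while :; do
        octet=${rest%%.*}
        count=$((count + 1))
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        case $rest in *.*) rest=${rest#*.} ;; *) break ;; esac
    done
    [ "$count" -eq 4 ]
}

# Print the unique valid addresses in file $1; report the rest on stderr.
valid_blacklist_entries() {
    LC_ALL=C sort -u "$1" | while IFS= read -r ip; do
        if [ -z "$ip" ]; then continue; fi
        if is_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            printf 'skipping invalid entry: %s\n' "$ip" >&2
        fi
    done
}

# Print (not run) the rule actionstart would add for each valid entry.
# $1 = blacklist file, $2 = jail name used in the fail2ban-<name> chain.
blacklist_rules() {
    valid_blacklist_entries "$1" | while IFS= read -r ip; do
        printf 'iptables -I fail2ban-%s 1 -s %s -j DROP\n' "$2" "$ip"
    done
}

# Constructed sample file: a duplicate, a blank line and two bad entries.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 203.0.113.7 198.51.100.23 203.0.113.7 '' \
    999.1.1.1 example.invalid 192.0.2.10 > "$sample"
blacklist_rules "$sample" sshd
```

Pointing blacklist_rules at /etc/fail2ban/ip.blacklist with a real jail name shows which entries would be loaded and which would be skipped, without touching the firewall.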