FEATURE Client Server

From Fail2ban
Jump to: navigation, search

Client/Server architecture

Until version 0.6, Fail2ban daemon was simply an application running in background and detached from any terminal. It did not allow reconfiguration of the daemon while running or any type of communication with it.

Fail2ban is now split into two parts:

  • Server
  • Client

The Server daemon monitors log file(s) and executes actions when a host is to be banned. The configuration of the Server is done by the Client which handles reading of configuration files. Communication between the Client and the Server is done through a socket. A protocol is defined. This allows dynamic reconfiguration of the Server and communication with it in order to retrieves, per example, statistics.


  • Commands are serialized before sending. Every command must end with the string <F2B_END_COMMAND> which is used to detect the end of a command. The flag <F2B_END_COMMAND> is added at the end of the serialized string.
  • Every time a command is sent to Server, the server replies with the status of the executed command.

Commands are split into several categories:


add <Jail> Create a new Jail
start <Jail> Start the Jail
stop <Jail> Stop the Jail
quit Quit the daemon



set loglevel <value> Set the log level to the value


set <Jail> idle <value> Set the Jail idle flag to value (on|off)


set <jail> logpath <value> Set the path value of the log file for Jail
set <jail> timeregex <value> Set the regular expression value matching the date format for Jail