Symptom & Impact
Sources of repeated brute-force attempts are marked as banned but can still reach the SSH service.
Environment & Reproduction
Ubuntu 24.04 LTS with fail2ban and the nftables firewall stack enabled.
Root Cause Analysis
The jail's banaction uses a backend that is incompatible with the active firewall, or the fail2ban chain is placed where it does not affect the active packet path.
Quick Triage
Check the output of fail2ban-client status sshd and inspect the active nft ruleset for fail2ban chains.
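A scripted form of this triage check, as an added example that is not part of the original page: it compares the IPs fail2ban reports as banned with the loaded nft ruleset and lists bans that no rule enforces. Both sample outputs are constructed, and the "f2b" table name is an assumption about how the nftables action names its table.

```shell
#!/bin/sh
# Added example. Both sample outputs below are constructed, not captured from a host.
STATUS_SAMPLE='Status for the jail: sshd
`- Actions
   |- Currently banned: 2
   `- Banned IP list:   203.0.113.7 198.51.100.23'

RULESET_SAMPLE='table inet f2b-table {
    set addr-set-sshd {
        type ipv4_addr
        elements = { 203.0.113.7 }
    }
    chain f2b-chain {
        type filter hook input priority filter - 1; policy accept;
        tcp dport 22 ip saddr @addr-set-sshd reject
    }
}'

# Read `fail2ban-client status <jail>` text on stdin, print one banned IP per line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# $1 = fail2ban status text, $2 = `nft list ruleset` text.
# Prints every IP fail2ban considers banned that appears nowhere in the ruleset,
# which is the symptom described on this page (ban recorded, packet still accepted).
unenforced_bans() {
    printf '%s\n' "$1" | banned_ips | while read -r ip; do
        # -w stops 203.0.113.7 from matching inside 203.0.113.70
        printf '%s\n' "$2" | grep -qwF -- "$ip" || printf '%s\n' "$ip"
    done
}

# $1 = ruleset text. Succeeds only if a chain inside a table whose name contains
# "f2b" (assumed naming) is attached to the input hook, i.e. sits on the path
# that inbound SSH packets take.
f2b_chain_on_input() {
    printf '%s\n' "$1" |
        awk '/^table /{t=$3} /hook input/ && t ~ /f2b/ {ok=1} END{exit !ok}'
}

# Demo on the constructed samples. On a host, run as root and pass
# "$(fail2ban-client status sshd)" and "$(nft list ruleset)" instead.
echo "Unenforced bans: $(unenforced_bans "$STATUS_SAMPLE" "$RULESET_SAMPLE")"
f2b_chain_on_input "$RULESET_SAMPLE" && echo "fail2ban chain is hooked to input"
```

An empty "Unenforced bans" list together with a hooked chain matches the acceptance criteria further down the page; any IP printed is a ban that exists only in fail2ban's own state.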
Step-by-Step Diagnosis
Compare the banaction in jail.local, the backend selection, and the nftables table family, and confirm that they are aligned.

Solution – Primary Fix
Set banaction to nftables-multiport, restart fail2ban, and confirm that the chain's hook priority is effective.

Solution – Alternative Approaches
Use the UFW integration in fail2ban actions when operations have standardized on UFW for firewall management.
Verification & Acceptance Criteria
New ban events insert nft rules, and blocked sources cannot establish TCP sessions.
Rollback Plan
Revert the jail action settings and reload the previous firewall policy if service impact is observed.
Prevention & Hardening
Continuously test the ban workflow in staging and keep fail2ban actions aligned with the firewall backend.
Related Errors & Cross-Refs
An incorrect logpath, a journal backend mismatch, and timezone parsing issues also break fail2ban effectiveness.