
UFW, fail2ban, and Banning Repeat Offenders
Ahnii! This is part 3 of the Production Linux series. Previous: SSH Hardening.

UFW blocks ports. fail2ban blocks behavior. Together they form your server's intrusion response layer — UFW narrows the attack surface, fail2ban watches the traffic that gets through and bans the IPs that misbehave.

This post covers UFW rule ordering, building a fail2ban jail for Caddy's JSON access logs, and escalating repeat offenders to a week-long all-ports block with the recidive jail.

UFW Beyond the Basics

If UFW isn't installed, add it:

    apt install ufw

Install the package. On most Ubuntu VPS images it's already present.

Allow SSH before enabling UFW. This is the most common mistake. If you enable UFW without allowing SSH first, you will lock yourself out of the server.

    ufw allow OpenSSH
    ufw allow 80/tcp
    ufw allow 443/tcp

These three rules cover SSH, HTTP, and HTTPS. Add any other ports your services need before the next step.

    ufw enable

Enabling UFW applies the default policy — deny incoming, allow
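
A preflight guard for the ordering rule above (allow SSH before enabling UFW), added here as an example and not taken from the original post. The function names ssh_rule_present and safe_enable are hypothetical, and the script assumes that ufw show added prints one rule per line in the form "ufw <action> <args>"; the sample rule sets are constructed.

```bash
# Added example: refuse to enable UFW unless the pending rules keep SSH open.
# Assumption: `ufw show added` lists rules as "ufw <action> <args>", one per line.

# Return 0 if stdin contains an allow/limit rule for SSH on port $1 (default 22).
# deny/reject rules never count, and the OpenSSH/ssh names only count for port 22.
ssh_rule_present() {
    local port="${1:-22}" names
    if [ "$port" = 22 ]; then names="OpenSSH|ssh|22"; else names="$port"; fi
    grep -Eiq "^ufw (allow|limit) (in )?((${names})(/tcp)?\$|.* port ${port}( |\$))"
}

# Enable UFW only when the check passes; otherwise explain and fail.
# If ufw is missing or prints nothing, the check fails closed.
safe_enable() {
    local port="${1:-22}"
    if ufw show added | ssh_rule_present "$port"; then
        ufw enable
    else
        echo "refusing: no allow/limit rule for SSH port ${port}" >&2
        echo "run 'ufw allow OpenSSH' (or allow your custom port) first" >&2
        return 1
    fi
}

# Constructed samples of `ufw show added` output (not captured from a real host).
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow 80/tcp
ufw allow 443/tcp"

SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"

# Demo on the constructed samples; nothing here touches the real firewall.
if printf '%s\n' "$SAMPLE_OK" | ssh_rule_present; then
    echo "SAMPLE_OK: SSH stays reachable"
fi
if ! printf '%s\n' "$SAMPLE_LOCKOUT" | ssh_rule_present; then
    echo "SAMPLE_LOCKOUT: enabling now would cut off SSH"
fi
```

On a server, call safe_enable as root in place of ufw enable, passing the port number if sshd listens somewhere other than 22.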



