It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.[2]
Fail2Ban is typically set up to unban a blocked host within a certain period, so as to not "lock out" any genuine connections that may have been temporarily misconfigured.
Fail2Ban can perform multiple actions whenever an abusive IP address is detected:[7] update Netfilter/iptables or PF firewall rules, or TCP Wrapper's hosts.deny table, to reject an abuser's IP address; send email notifications; or run any user-defined action that can be carried out by a Python script.
The standard configuration ships with popular filters, including Apache, Lighttpd, sshd, vsftpd, qmail, Postfix and Courier Mail Server.[8][9]
Filters are defined by Python regexes, which may be conveniently customized by an administrator familiar with regular expressions.
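The ban logic described above (a regex filter, a failure threshold within a time frame, and a timed unban) can be sketched as follows. This is an added example, not Fail2Ban's own code: the regex, the log lines, the function names and the default thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified pattern written for this example; not the sshd filter shipped with Fail2Ban.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:00 srv sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
2024-05-01T10:00:20 srv sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
2024-05-01T10:00:30 srv sshd[103]: Accepted password for alice from 198.51.100.4 port 5000 ssh2
2024-05-01T10:00:40 srv sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
2024-05-01T10:01:00 srv sshd[105]: Failed password for bob from 198.51.100.9 port 6000 ssh2
2024-05-01T10:30:00 srv sshd[106]: Failed password for bob from 198.51.100.9 port 6001 ssh2
2024-05-01T10:59:00 srv sshd[107]: Failed password for bob from 198.51.100.9 port 6002 ssh2
""".splitlines()

def find_bans(lines, max_retry=3, find_time=timedelta(minutes=10), ban_time=timedelta(minutes=10)):
    """Return {host: (banned_at, unban_at)} for hosts with max_retry failures inside find_time."""
    recent = defaultdict(deque)   # host -> timestamps of failures still inside the window
    bans = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # line does not match the filter; ignore it
        host, now = m["host"], datetime.fromisoformat(m["ts"])
        if host in bans and now < bans[host][1]:
            continue              # ban still active; a firewall rule would drop this traffic
        window = recent[host]
        window.append(now)
        while now - window[0] > find_time:
            window.popleft()      # forget failures older than the time frame
        if len(window) >= max_retry:
            bans[host] = (now, now + ban_time)
            window.clear()
    return bans

def is_banned(bans, host, when):
    """True while the ban is active; from unban_at onward the host may connect again."""
    return host in bans and bans[host][0] <= when < bans[host][1]

if __name__ == "__main__":
    for host, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {host} from {start} until {end}")
```

With the defaults, only the host with three failures inside ten minutes is banned; the host whose three failures are spread over an hour never reaches the threshold, and the ban lapses on its own once the ban period ends.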