Template Overview
Templates define fail2ban jail configurations that can be deployed to servers. Bloqd includes 24+ pre-configured templates for common services.
What is a Template?
A template consists of two parts:
- Filter: Regex patterns to match log entries
- Jail Configuration: How fail2ban handles matches
When you enable a template on a server, Bloqd:
- Deploys the filter to
/etc/fail2ban/filter.d/ - Deploys the jail config to
/etc/fail2ban/jail.d/ - Reloads fail2ban to activate
Template Categories
| Category | Description | Templates |
|---|---|---|
| Common | Essential jails | sshd, recidive |
| Web | Web servers | nginx-, apache- |
| Email servers | postfix, dovecot | |
| Mailcow | Mailcow Docker stack | mailcow-* |
| FTP | FTP servers | vsftpd, proftpd, pure-ftpd |
| Databases | Database servers | mysqld, mongodb |
| Proxy | Reverse proxies | traefik, caddy |
| Web Apps | Applications | wordpress, nextcloud, grafana |
| Virtualization | Hypervisors | proxmox-* |
Template Settings
Each template has configurable settings:
| Setting | Description | Placeholder |
|---|---|---|
| Log Path | Path to log file | __LOGPATH__ |
| Port | Service port(s) | __PORT__ |
| Max Retry | Failed attempts before ban | __MAXRETRY__ |
| Find Time | Window for counting attempts | __FINDTIME__ |
| Ban Time | Duration of ban | __BANTIME__ |
Builtin vs Custom
| Feature | Builtin | Custom |
|---|---|---|
| Editable | No | Yes |
| Deletable | No | Yes |
| Updated automatically | Yes | No |
| License requirement | Free | Personal+ |
Builtin templates are updated with Bloqd releases to fix regex patterns and add support for new software versions.
Docker Support
Some templates support Docker containers:
is_docker: true
docker_container_filter: "name=postfix-mailcow"
For Docker templates, Bloqd:
- Creates a log streaming service
- Streams container logs to a file
- fail2ban monitors the log file
Filter Syntax
Basic Pattern
[Definition]
failregex = ^.*authentication failed from <HOST>.*$
ignoreregex =
<HOST>- Special placeholder for IP extraction^- Start of line$- End of line.*- Match any characters
Multiple Patterns
failregex = ^.*pattern one from <HOST>.*$
^.*pattern two from <HOST>.*$
^.*pattern three from <HOST>.*$
Date Pattern
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
Common patterns:
%%Y-%%m-%%d %%H:%%M:%%S- ISO format%%b %%d %%H:%%M:%%S- Syslog format%%d/%%b/%%Y:%%H:%%M:%%S %%z- Nginx format
Jail Configuration
Standard Jail
[jail-name]
enabled = true
port = http,https
filter = jail-name
logpath = /var/log/app/access.log
maxretry = 5
findtime = 10m
bantime = 1h
Systemd Backend
For services using systemd journal:
[proxmox]
enabled = true
port = 8006
filter = proxmox
backend = systemd
maxretry = 3
The filter includes journalmatch:
journalmatch = _SYSTEMD_UNIT=pvedaemon.service
Using Templates
During Server Setup
- Go to Servers → Add Server
- Select templates from the list
- Optionally customize:
- Log path (if different)
- Max retry
- Find time
- Ban time
- Generate install command
Adding to Existing Server
- Go to server detail page
- Click Edit Config
- Add new templates
- Configure settings
- Save changes
The agent applies changes on next sync.
Testing Templates
Test Filter Regex
# On the server
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-botsearch.conf
Output shows:
- Lines matched
- Lines ignored
- IP addresses extracted
Check Jail Status
fail2ban-client status nginx-botsearch
Shows:
- Currently banned IPs
- Total banned count
- Fail count