Network services ensure interaction of devices on the network — computers and other active equipment. For example, the sshd service provides connections to the server via SSH, the httpd service is responsible for connections to the web server, etc.

In the "Network services" module you can configure:

  • access rules for your server's network services;
  • protection against network attacks of the "brute force" type using the Fail2ban service.

To work with the module, enter System → Network Services.

Configuring access rules


Viewing the list of network services

The module interface displays the following information:

  • Service name — the name of the network service;
  • Protocol — the protocol for connecting to the server;
  • Ports — the port on which the connection is made.

Adding a rule

To add an access rule to a service, select its name in the list and press Add. Read more about creating rules in Firewall rules.

Configuring the Fail2ban service


The Fail2ban service blocks access to a network service from a specific IP address after a specified number of suspicious connection attempts. For example, if the attacker tries to connect with the wrong password.

In the Fail2ban settings you can configure:

  • the number of connection attempts;
  • blocking time;
  • IP addresses that should not be blocked.

By default, ISPmanager applies global Fail2ban parameters to network services. You can also specify individual settings for each service rule.

Global settings

To set global Fail2ban parameters:

  1. Press the Fail2ban settings button.
  2. Specify the settings:
  1. Attempts number after which access will be blocked.
  2. Ban time — the time for which the service is blocked.
  3. Never ban — IP addresses that should not be blocked. You can specify a space-separated list of IP addresses, a subnet mask or a DNS server name.
  • To apply these settings to all created rules, enable the Apply to all rules option.
  • Press OK.

Individual service settings

To configure settings for an individual service, select the service from the list → Fail2ban rules button → select the rule → press Edit:

  1. Select the Enable rule option.
  2. Specify the settings:
  1. Attempts number after which access will be blocked.
  2. Ban time — the time for which the service is blocked.
  3. Never ban — IP addresses that should not be blocked. You can specify a space-separated list of IP addresses, a subnet mask or a DNS server name.
  • Press OK.

Rule management

Use the Enable all rules and Disable all rules buttons to enable or disable all Fail2ban rules created for the service.

To enable or disable an individual rule, select the service → Fail2ban rules button → select the rule → press Enable or Disable.