Firewall
The Firewall tab on a server page is the standing view of what UFW and Fail2Ban are doing on the box: which ports are open, which jails are enabled, which IPs are currently banned and what has been banned or unbanned in the last day.
You reach it from any server page → Firewall tab.
What you see
Section titled “What you see”- UFW status — whether UFW is installed and enabled, plus the numbered rule list exactly as
ufw status numberedwould print it (action, port/range, protocol, source, and any comment). - Fail2Ban jails — every jail HostAtlas has discovered, with its enabled/disabled state and the count of currently-banned IPs.
- Bans in the last 24 hours — a single KPI number, plus the recent event stream (ban, unban, source jail, IP, timestamp).
- Recent events — the last 50 ban/unban events across all jails, useful for spotting a brute-force wave that started an hour ago.
If neither UFW nor Fail2Ban is present on the server the tab shows install cards for each — one click queues the install on the agent.
What you can do
Section titled “What you can do”UFW
- Enable or Disable UFW as a whole.
- Add a rule — pick
allow/deny/reject, a port or port range, optional protocol (TCP/UDP), optional source IP or CIDR, optional comment. - Delete a rule by its number from the rule list.
- Install UFW if it’s not there yet. HostAtlas explicitly allows your current SSH port before the firewall goes live so you don’t lock yourself out.
Fail2Ban
- Ban an IP into a specific jail with an optional duration (60 seconds to 7 days).
- Unban an IP from a specific jail.
- Enable or Disable an individual jail.
- Install Fail2Ban if it’s not present.
How it works
Section titled “How it works”The agent runs a firewall snapshot every minute: it reads UFW’s numbered rule list, fail2ban-client status for each jail and parses the Fail2Ban log for recent ban/unban lines. HostAtlas stores the latest snapshot per server and the last 50 events.
When you add a rule, ban an IP or toggle a jail, HostAtlas queues an agent command on the server. The agent picks it up on its next heartbeat (typically within 15 seconds), applies the change on the box and reports back. The UI polls for the updated snapshot so a new rule usually appears within a minute.
Related
Section titled “Related”- Attack Mode — high-frequency monitoring plus rapid IP bans while a host is under attack.
- Servers — where the Firewall tab lives.
- SSH Gatekeeper — for controlling who can SSH in, complementary to controlling which ports are open.