Unban IP

fail2ban add ip manually Block-Ban ip

Jail list: dovecot, postfix-auth, postfix-sasl, pure-ftpd, sshd

# fail2ban-client set postfix-auth banip 222.190.163.157

Status for the jail: pure-ftpd `- Banned IP list: Status for the jail: sshd `- Banned IP list: Status for the jail: dovecot `- Banned IP list: Status for the jail: postfix-auth `- Banned IP list: 222.190.163.157 Status for the jail: postfix-sasl `- Banned IP list:

---------------------X---------------------------------

How to Remove Banned IP from Fail2ban on CentOS 6 / CentOS 7

fail2ban-client set dovecot unbanip 203.76.149.206

systemctl restart fail2ban.service

service fail2ban restart

Unban an IP properly with Fail2Ban

# fail2ban-client set postfix-auth unbanip 222.190.163.157

systemctl restart fail2ban.service

service fail2ban restart

----

# tail -n 5 /var/log/fail2ban.log

run:

iptables -L

For example we need to unban 10.110.11.16

Then get the actual jails list:

fail2ban-client status

Unban command is: fail2ban-client set jailname unbanip m.y.i.p

For unban 10.110.11.16 IP from asterisk jail run command:

fail2ban-client set asterisk unbanip 10.110.11.16

--------------------

Unbanning an IP address banned with fail2ban

$ ssh jdoe@example.com ssh: connect to host example.com port 22: Connection refused $

The fail2ban log on the system is at /var/log/fail2ban.log. You can check that log to see which IP addresses were banned and the time any bans went into effect. So I first verified the IP address from which the login attempts were made.

# tail -n 3 /var/log/fail2ban.log 2017-07-13 21:59:06,304 fail2ban.filter [1664]: INFO [sshd] Found 192.168.1.21 2017-07-13 21:59:06,818 fail2ban.actions [1664]: NOTICE [sshd] Ban 192.168.1.21 2017-07-13 21:59:11,538 fail2ban.filter [1664]: INFO [sshd] Found 192.168.1.21 #

You can determine the name for the jail the IP address is in by issuing the command fail2ban-client status.

# fail2ban-client status Status |- Number of jail: 1 `- Jail list: sshd #

You can then use the name of the jail, in this case "sshd", to manually unban the IP address with the command fail2ban-client set jail_name unbanip xxx.xxx.xxx.xxx where jail_name is the name of the jail in which the IP addres has been placed and xxx.xxx.xxx.xxx is the IP address of the banned system. E.g.:

# fail2ban-client set sshd unbanip 192.168.1.21 192.168.1.21 #

When I issued that command, an unban entry was then placed in the fail2ban log.

# tail -n 1 /var/log/fail2ban.log 2017-07-13 22:32:55,751 fail2ban.actions [1664]: NOTICE [sshd] Unban 192.168.1.21

If you attempt to unban an IP address that isn't banned, perhaps because it was already unbanned manually or due to the ban period expiring, you will see a message similar to the one below:

# fail2ban-client set sshd unbanip 192.168.1.21 ERROR NOK: ('IP 192.168.1.210 is not banned',) IP 192.168.1.210 is not banned #

Related articles:

------------------------------

# iptables -LChain INPUT (policy ACCEPT) target prot opt source destination f2b-AccessForbidden tcp -- anywhere anywhere tcp dpt:http f2b-WPLogin tcp -- anywhere anywhere tcp dpt:http f2b-ConnLimit tcp -- anywhere anywhere tcp dpt:http f2b-ReqLimit tcp -- anywhere anywhere tcp dpt:http f2b-NoAuthFailures tcp -- anywhere anywhere tcp dpt:http f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh f2b-php-url-open tcp -- anywhere anywhere tcp dpt:http f2b-nginx-http-auth tcp -- anywhere anywhere multiport dports http,https

How to Remove Banned IP from Fail2ban jail

# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT

Reject IP List -Log

# iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}'

Ban IP Address List

# fail2ban-client status | grep "Jail list:" | sed "s/ //g" | awk '{split($2,a,",");for(i in a) system("fail2ban-client status " a[i])}' | grep "Status\|IP list"

----