Unban IP
fail2ban add ip manually Block-Ban ip
Jail list: dovecot, postfix-auth, postfix-sasl, pure-ftpd, sshd
# fail2ban-client set postfix-auth banip 222.190.163.157
Status for the jail: pure-ftpd `- Banned IP list: Status for the jail: sshd `- Banned IP list: Status for the jail: dovecot `- Banned IP list: Status for the jail: postfix-auth `- Banned IP list: 222.190.163.157 Status for the jail: postfix-sasl `- Banned IP list:
---------------------X---------------------------------
How to Remove Banned IP from Fail2ban on CentOS 6 / CentOS 7
Unban an IP properly with Fail2Ban
# fail2ban-client set postfix-auth unbanip 222.190.163.157
systemctl restart fail2ban.service
service fail2ban restart
----
# tail -n 5 /var/log/fail2ban.log
run:
iptables -L
For example we need to unban 10.110.11.16
Then get the actual jails list:
fail2ban-client status
Unban command is: fail2ban-client set jailname unbanip m.y.i.p
For unban 10.110.11.16 IP from asterisk jail run command:
fail2ban-client set asterisk unbanip 10.110.11.16
--------------------
Unbanning an IP address banned with fail2ban
$ ssh jdoe@example.com ssh: connect to host example.com port 22: Connection refused $
The fail2ban log on the system is at /var/log/fail2ban.log. You can check that log to see which IP addresses were banned and the time any bans went into effect. So I first verified the IP address from which the login attempts were made.
# tail -n 3 /var/log/fail2ban.log 2017-07-13 21:59:06,304 fail2ban.filter [1664]: INFO [sshd] Found 192.168.1.21 2017-07-13 21:59:06,818 fail2ban.actions [1664]: NOTICE [sshd] Ban 192.168.1.21 2017-07-13 21:59:11,538 fail2ban.filter [1664]: INFO [sshd] Found 192.168.1.21 #
You can determine the name for the jail the IP address is in by issuing the command fail2ban-client status.
# fail2ban-client status Status |- Number of jail: 1 `- Jail list: sshd #
You can then use the name of the jail, in this case "sshd", to manually unban the IP address with the command fail2ban-client set jail_name unbanip xxx.xxx.xxx.xxx where jail_name is the name of the jail in which the IP addres has been placed and xxx.xxx.xxx.xxx is the IP address of the banned system. E.g.:
# fail2ban-client set sshd unbanip 192.168.1.21 192.168.1.21 #
When I issued that command, an unban entry was then placed in the fail2ban log.
# tail -n 1 /var/log/fail2ban.log 2017-07-13 22:32:55,751 fail2ban.actions [1664]: NOTICE [sshd] Unban 192.168.1.21
If you attempt to unban an IP address that isn't banned, perhaps because it was already unbanned manually or due to the ban period expiring, you will see a message similar to the one below:
# fail2ban-client set sshd unbanip 192.168.1.21 ERROR NOK: ('IP 192.168.1.210 is not banned',) IP 192.168.1.210 is not banned #
Related articles:
------------------------------
# iptables -LChain INPUT (policy ACCEPT) target prot opt source destination f2b-AccessForbidden tcp -- anywhere anywhere tcp dpt:http f2b-WPLogin tcp -- anywhere anywhere tcp dpt:http f2b-ConnLimit tcp -- anywhere anywhere tcp dpt:http f2b-ReqLimit tcp -- anywhere anywhere tcp dpt:http f2b-NoAuthFailures tcp -- anywhere anywhere tcp dpt:http f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh f2b-php-url-open tcp -- anywhere anywhere tcp dpt:http f2b-nginx-http-auth tcp -- anywhere anywhere multiport dports http,https
How to Remove Banned IP from Fail2ban jail
# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT
Reject IP List -Log
# iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}'
Ban IP Address List
# fail2ban-client status | grep "Jail list:" | sed "s/ //g" | awk '{split($2,a,",");for(i in a) system("fail2ban-client status " a[i])}' | grep "Status\|IP list"
----