I run many internet-facing servers reporting SSH dictionary and DDoS attacks via Fail2Ban to blocklist.de and sometimes end up in a situation where I manage to block myself out from my servers, especially when my residential ISP IP address changes. Here is a recap of what I do to unban a IP from Fail2Ban's SSH jail.
Execute the following three steps to unban (unblock) a IP address banned by Fail2Ban in the SSH jail. Tested on Fail2Ban v0.8.11. These steps do not need arcane fail2ban-client commands and manipulate iptables directly instead.
Step 1
# iptables -n -L --line-numbers | grep <ip address to unban>
Step 2
Note down the line number (rule number) at the beginning of the output of the prior command line.
Step 3
# iptables -D fail2ban-ssh <line number from previous step>
Note: At this point, re-run Step 1. If the IP address still shows up as banned, it is possible the jail name needs to be adjusted:
# iptables -D fail2ban-pam-generic <line number from previous step>
Note: At this point, re-run Step 1. If the IP address still shows up as banned, it is possible the jail name needs to be adjusted:
# iptables -D fail2ban-pam-generic <line number from previous step>
That's it. You can, of course, add the IP to be never banned to jail.local's exclusion list for the ban to not happen again.
If you are looking for a list of great IP blocklists, here is what I use on my pfSense gateway with pfBlockerNG.
No comments:
Post a Comment
"SEO" link builders: move on, your spam link will not get posted.
Note: Only a member of this blog may post a comment.