Friday, January 25, 2019

Three Steps to Unblock Fail2Ban Banned IP address from SSH Jail

Supratim Sanyal's Blog: Unban Unblock IP address blocked by Fail2Ban


I run many internet-facing servers reporting SSH dictionary and DDoS attacks via Fail2Ban to blocklist.de and sometimes end up in a situation where I manage to block myself out from my servers, especially when my residential ISP IP address changes. Here is a recap of what I do to unban an IP from Fail2Ban's SSH jail.

Execute the following three steps to unban (unblock) an IP address banned by Fail2Ban in the SSH jail. Tested on Fail2Ban v0.8.11. These steps do not need arcane fail2ban-client commands; they manipulate iptables directly instead.

Step 1
# iptables -n -L --line-numbers | grep <ip address to unban>

Step 2
Note down the line number (rule number) at the beginning of the output of the prior command line.

Step 3
# iptables -D fail2ban-ssh <line number from previous step>

Note: At this point, re-run Step 1. If the IP address still shows up as banned, it is possible the jail name needs to be adjusted:
# iptables -D fail2ban-pam-generic <line number from previous step>

That's it. You can, of course, add the IP to the never-ban exclusion list in jail.local so that the ban does not happen again.
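The script below is an added example, not part of the original post. It covers two things the grep in Step 1 hides: which chain a matching rule belongs to (the grep drops the `Chain ...` header lines), and exact matching (grep also matches longer addresses that contain the pattern). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -n -L --line-numbers` output
# (documentation-range addresses, not taken from a real host).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain fail2ban-ssh (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.70         0.0.0.0/0
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    DROP       all  --  198.51.100.23        0.0.0.0/0
4    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-pam-generic (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# find_bans IP: read a listing on stdin and print "<chain> <rule number>"
# for every rule whose source column is exactly IP.
# `grep 203.0.113.7` would also hit 203.0.113.70 in the sample above.
find_bans() {
    awk -v ip="$1" '
        $1 == "Chain"                { chain = $2; next }  # remember current chain
        $1 ~ /^[0-9]+$/ && $5 == ip  { print chain, $1 }   # column 5 is the source
    '
}

# unban_commands IP: print one `iptables -D` command per match.
# Within a chain the highest rule number comes first, because deleting a
# rule renumbers every rule below it.
unban_commands() {
    find_bans "$1" | LC_ALL=C sort -k1,1 -k2,2nr |
        awk '{ print "iptables -D", $1, $2 }'
}

# On a live host (as root), review the output before running it:
#   iptables -n -L --line-numbers | unban_commands 203.0.113.7
```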

If you are looking for a list of great IP blocklists, here is what I use on my pfSense gateway with pfBlockerNG.



