How to Unban an IP properly with Fail2Ban

Solution 1:

With Fail2Ban before v0.8.8: 

fail2ban-client get YOURJAILNAMEHERE actionunban IPADDRESSHERE

With Fail2Ban v0.8.8 and later: 

fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE

The hard part is finding the right jail:

  1. Use iptables -L -n to find the rule name...
  2. ...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same but it should be clear which one is related to which.

Solution 2:

Since v0.8.8 there is the unbanip option (actionunban isn't for this purpose) It can be triggered by the set command, if you look at the list of options, you will see the syntax is. So it will be (by heart, please check):

fail2ban-client set ssh-iptables unbanip IPADDRESSHERE

more generic:

fail2ban-client set JAILNAMEHERE unbanip IPADDRESSHERE

works for me

Solution 3:

Example for SSH in interactive mode.

type in bash:

fail2ban-client -i

then in interactive mode type read the status of a jail:

status sshd

you'll get:

Status for the jail: ssh
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 6
|  `- File list:    /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list:   203.113.167.162

then type in fail2ban interactive mode:

set sshd unbanip 203.113.167.162

you'll get:

203.113.167.162

it means no longer 203.113.167.162 in ban list.

Solution 4:

The answer of ukoda is wrong:

Call fail2ban-client without parameters and you see a list of possible commands:

get JAIL actionunban ACT

This gets the unban command for the action ACT for JAIL.

Look into the action parameter of the jail you defined, you probably have an iptables action and maybe some more like sendmail, whois or whatever. so in case your action was iptables it will look like this:

fail2ban-client get JAIL actionunban iptables

and the answer will be:

iptables -D fail2ban-NAME -s IP -j DROP

It will only show you what you would have to write for an unban. There is no unban command itself.

Solution 5:

If 192.168.2.1 is banned

sudo iptables -L

Check which Chain it's banned in e.g.

Chain fail2ban-sasl (1 references)

DROP all -- 192.168.2.1 anywhere

Then:

# to view the proper command for un-banning
sudo fail2ban-client get sasl actionunban
# actual command
iptables -D fail2ban-sasl -s 192.168.2.1 -j DROP

Tags:

Firewall

Iptables

Fail2Ban

Recent Posts