How to see a list of Fail2ban IPs

About Fail2ban IP blocking

Fail2ban is fantastic Linux security software that blocks multiple authentication failures on a Linux host. The beauty of this software is hackers are locked and a fixed amount of attemtps and you can greatly fine tune the system. Additionally, it support a number of protocols, including sshd, postfix-sasl, dovecot, and many many more.

Checking locked out IP addresses

Occasionally you may want to check the IPs that are blocked, for example, if a known client inadvertently repeatedly tried the wrong password.

To check which IPs have been blocked by Fail2ban postfix-sasl jail, use the following command:

fail2ban-client status postfix-sasl

Sample output:

Status for the jail: postfix-sasl
|- Filter
| |- Currently failed: 1
| |- Total failed: 92763
| `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
|- Currently banned: 3
|- Total banned: 12004
`- Banned IP list: 103.231.139.55 103.231.139.149 103.231.139.142

To see which jails are active, use the following command:

[[email protected] ~]# fail2ban-client status

Sample output:

Status
|- Number of jail: 7
`- Jail list: dovecot, postfix, postfix-sasl, proftpd, ssh-ddos, sshd, webmin-auth

Reference:
https://www.the-lazy-dev.com/en/fail2ban-client-show-banned-ips/

Share this article

Leave a Reply

Your email address will not be published.

Scroll to Top