How to see a list of Fail2ban IPs

About Fail2ban IP blocking

Fail2ban is fantastic Linux security software that blocks multiple authentication failures on a Linux host. The beauty of this software is hackers are locked and a fixed amount of attemtps and you can greatly fine tune the system. Additionally, it support a number of protocols, including sshd, postfix-sasl, dovecot, and many many more.

Checking locked out IP addresses

Occasionally you may want to check the IPs that are blocked, for example, if a known client inadvertently repeatedly tried the wrong password.

To check which IPs have been blocked by Fail2ban postfix-sasl jail, use the following command:

fail2ban-client status postfix-sasl

Sample output:

Status for the jail: postfix-sasl
|- Filter
| |- Currently failed: 1
| |- Total failed: 92763
| `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
|- Currently banned: 3
|- Total banned: 12004
`- Banned IP list:

To see which jails are active, use the following command:

[root@host ~]# fail2ban-client status

Sample output:

|- Number of jail: 7
`- Jail list: dovecot, postfix, postfix-sasl, proftpd, ssh-ddos, sshd, webmin-auth


Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top