About Fail2ban IP blocking
Fail2ban is fantastic Linux security software that blocks multiple authentication failures on a Linux host. The beauty of this software is hackers are locked and a fixed amount of attemtps and you can greatly fine tune the system. Additionally, it support a number of protocols, including
dovecot, and many many more.
Checking locked out IP addresses
Occasionally you may want to check the IPs that are blocked, for example, if a known client inadvertently repeatedly tried the wrong password.
To check which IPs have been blocked by Fail2ban
postfix-sasl jail, use the following command:
fail2ban-client status postfix-sasl
Status for the jail: postfix-sasl |- Filter | |- Currently failed: 1 | |- Total failed: 92763 | `- Journal matches: _SYSTEMD_UNIT=postfix.service `- Actions |- Currently banned: 3 |- Total banned: 12004 `- Banned IP list: 18.104.22.168 22.214.171.124 126.96.36.199
To see which jails are active, use the following command:
[[email protected] ~]# fail2ban-client status
Status |- Number of jail: 7 `- Jail list: dovecot, postfix, postfix-sasl, proftpd, ssh-ddos, sshd, webmin-auth