How to check and remove IPs from fail2ban

Background

Fail2ban is a really powerful utility and can help you out of a bind. The problem is the syntax – it’s changed and when you really need it on occasion it’s not entirely memorable. So here is a quick HOWTO to get you out of a bind.

Use the command sequence below to check for a banned IP address:

sudo zgrep 'Ban' /var/log/fail2ban.log* | grep x.y.150.94
/var/log/fail2ban.log:2020-11-20 08:18:32,558 fail2ban.actions [1547]: NOTICE [sshd] Ban x.y.150.94

Then remove it like so

fail2ban-client set sshd unbanip x.y.150.94

Then check if it worked like so:

sudo zgrep -i 'Unban' /var/log/fail2ban.log* | grep x.y.150.94
/var/log/fail2ban.log:2020-11-20 08:27:43,762 fail2ban.actions [1547]: NOTICE [sshd] Unban x.y.150.94

Look for Unban

Update July 2021

Once in a blue moon Fail2ban gives major issues in that it doesn’t want to unban an IP address. In that case you might want to resort to clearning it out completely using this command:

fail2ban-client unban --all

See Also

https://kb.vander.host/security/firewalld-cheat-sheet/

References

Share this article

Leave a Reply

Your email address will not be published.

Scroll to Top