Fail2ban (Client)
Fail2ban is a tool that can dynamically block IP addresses causing potential issues on your server. Its configured using files in /etc/fail2ban (usually) but that's beyond the scope of this article, which is specific to managing fail2ban using its companion client tool.
To get the status of your fail2ban
which will produce a list of jails, e.g.
Status |- Number of jail: 6 `- Jail list: dovecot, postfix, postfix-sasl, proftpd, sshd, webmin-auth
If we want to see what's going on with a particular jail we can use
And this will give something like
Status for the jail: postfix-sasl |- Filter | |- Currently failed: 39 | |- Total failed: 2700 | `- Journal matches: _SYSTEMD_UNIT=postfix.service `- Actions |- Currently banned: 9 |- Total banned: 89 `- Banned IP list: 1.2.3.4 4.5.6.7 ....
Now, you may be coming here because a client can no longer access a service and you may find their public IP in the Banned IP list. To remove it simply
which will unban the ip 1.2.3.4 from all jails. If you just want to unban from a single jail, simply
Now, if you're client is a muppet and keeps getting banned because they have something that's repeatedly tripping the jail, then you can temporarily whitelist their ip with fail2ban, which will persist until the next time the daemon is restarted
Simple right?