Fail2ban (Client)

Fail2ban is a tool that can dynamically block IP addresses causing potential issues on your server. Its configured using files in /etc/fail2ban (usually) but that's beyond the scope of this article, which is specific to managing fail2ban using its companion client tool. 

To get the status of your fail2ban 

<code shell [enable_line_numbers="true"]>fail2ban-client status</code>

which will produce a list of jails, e.g. 

<code [enable_line_numbers="true"]>Status
|- Number of jail:	6
`- Jail list:	dovecot, postfix, postfix-sasl, proftpd, sshd, webmin-auth</code>

If we want to see what's going on with a particular jail we can use

<code shell [enable_line_numbers="true"]>fail2ban-client status postfix-sasl</code>

And this will give something like

<code [enable_line_numbers="true"]>Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed:	39
|  |- Total failed:	2700
|  `- Journal matches:	_SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned:	9
   |- Total banned:	89
   `- Banned IP list:	1.2.3.4 4.5.6.7 ....</code>
   
Now, you may be coming here because a client can no longer access a service and you may find their public IP in the Banned IP list. To remove it simply

<code shell [enable_line_numbers="true"]>fail2ban-client unban 1.2.3.4</code>

which will unban the ip 1.2.3.4 from all jails. If you just want to unban from a single jail, simply

<code shell [enable_line_numbers="true"]>fail2ban-client unban postfix-sasl 1.2.3.4</code>

Now, if you're client is a muppet and keeps getting banned because they have something that's repeatedly tripping the jail, then you can temporarily whitelist their ip with fail2ban, which will persist until the next time the daemon is restarted

<code shell [enable_line_numbers="true"]>fail2ban-client set postfix-sasl addignoreip 1.2.3.4</code>

Simple right?