While making incorrect authentication attempts, sometimes fail2ban can block legitimate connections too. By default, the ban time is 10 minutes. After 10 minutes, a banned IP address is unbanned automatically. However, if a legitimate system is banned and you can’t wait for the ban time to expire, you can manually unban it. In this post, we will describe how to unban an IP address in fail2ban.
When a user tries to login with an incorrect password more than specified by the maxretry option in the /etc/fail2ban/jail.local file, it gets banned by fail2ban. By banning the system’s IP address, no user on the banned system can use the banned service.
Following is the error message received by a user with the IP address “192.168.72.186” banned by fail2ban. It was attempting to log in to the server via SSH using the incorrect passwords.
View Banned IP address and jail information
To find out which IP addresses are banned and at what time, you can view the logs from the server where fail2ban is installed:
The following output shows the IP address “192.168.72.186” is banned by fail2ban and is in jail named “sshd.”
You can also use the following command with the jail name to show banned IPs:
For example, in our case, the banned IP address is in “sshd” jail, so that the command would be:
The output confirms the IP address “192.168.72.186” is in jail named “sshd.”
Unban an IP in fail2ban
To unban an IP address in fail2ban and remove it from the jail, use the following syntax:
where “jail_name” is the jail where the banned IP address is in and “xxx.xxx.xxx.xxx” is the IP address that is banned.
For example, to unban an IP address “192.168.72.186,” which is in the jail “sshd,” the command would be:
Verify if the IP address has been unbanned
Now to verify if the IP address has been unbanned, view the logs using the command below:
In the logs, you will see an Unban entry.
Or you can also use the following command to confirm if the IP address has been unbanned:
Replace “jail_name” with the name of the jail where the banned IP address was in.
If you do not find the IP address listed in the Banned IP list, it means it has been successfully unbanned.
This is how you can unban an IP address in fail2ban. After unbanning the IP address, you can easily log in to the server via SSH.