How to unban an IP in fail2ban

Many security tools do not protect your system from compromise. Even setting the strongest password does not solve the problem, as it can still be broken with several techniques. Fail2ban is a great tool that allows you to ban an IP address that is making incorrect authentication attempts. Rather than allowing a user to keep trying until one attempt succeeds, it blocks them in the first place. Hence, it prevents intrusions before they compromise your system.

Sometimes fail2ban also blocks legitimate connections that have made incorrect authentication attempts. By default, the ban time is 10 minutes. After 10 minutes, a banned IP address is unbanned automatically. However, if a legitimate system is banned and you can’t wait for the ban time to expire, you can manually unban it. In this post, we will describe how to unban an IP address in fail2ban.

Background:

When a user tries to log in with an incorrect password more times than the maxretry option in the /etc/fail2ban/jail.local file allows, the user’s IP address gets banned by fail2ban. Because the ban applies to the system’s IP address, no user on the banned system can use the banned service.

The following is the error message received by a user at the IP address “192.168.72.186”, which was banned by fail2ban. The user was attempting to log in to the server via SSH using incorrect passwords.

View Banned IP address and jail information

To find out which IP addresses are banned and at what time, you can view the logs from the server where fail2ban is installed:

$ cat /var/log/fail2ban.log

The following output shows that the IP address “192.168.72.186” is banned by fail2ban and is in the jail named “sshd.”

You can also use the following command with the jail name to show banned IPs:

$ sudo fail2ban-client status <jail_name>

For example, in our case, the banned IP address is in the “sshd” jail, so the command would be:

$ sudo fail2ban-client status sshd

The output confirms that the IP address “192.168.72.186” is in the jail named “sshd.”

Unban an IP in fail2ban

To unban an IP address in fail2ban and remove it from the jail, use the following syntax:

$ sudo fail2ban-client set jail_name unbanip xxx.xxx.xxx.xxx

where “jail_name” is the jail that holds the banned IP address and “xxx.xxx.xxx.xxx” is the IP address that is banned.

For example, to unban an IP address “192.168.72.186,” which is in the jail “sshd,” the command would be:

$ sudo fail2ban-client set sshd unbanip 192.168.72.186

Verify if the IP address has been unbanned

Now to verify if the IP address has been unbanned, view the logs using the command below:

$ cat /var/log/fail2ban.log

In the logs, you will see an Unban entry.

You can also use the following command to confirm that the IP address has been unbanned:

$ sudo fail2ban-client status <jail_name>

Replace “jail_name” with the name of the jail that held the banned IP address.

If you do not find the IP address listed in the Banned IP list, it means it has been successfully unbanned.

This is how you can unban an IP address in fail2ban. After unbanning the IP address, you can easily log in to the server via SSH.
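An IP address can be banned in more than one jail, and the log holds both Ban and Unban entries for it. The script below is an added example, not part of the original article: it reads fail2ban.log, reports the jails in which an address is still banned, and prints the matching unbanip commands. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list the jails in which an
# IP is still banned, judging by Ban/Unban events in fail2ban.log.

# Constructed sample lines in the fail2ban.actions log format.
SAMPLE_LOG='2021-03-01 09:59:58,000 fail2ban.actions [812]: NOTICE  [recidive] Restore Ban 192.168.72.186
2021-03-01 10:00:02,200 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.168.72.186
2021-03-01 10:10:02,300 fail2ban.actions [812]: NOTICE  [sshd] Unban 192.168.72.186
2021-03-01 10:15:00,000 fail2ban.actions [812]: NOTICE  [apache-auth] Ban 192.168.72.186
2021-03-01 10:25:00,100 fail2ban.actions [812]: NOTICE  [apache-auth] Unban 192.168.72.186
2021-03-01 10:30:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.168.72.18
2021-03-01 10:40:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.168.72.186'

# is_ipv4 ADDR: succeed only for a single dotted quad with octets 0-255,
# so nothing else ever reaches the printed sudo command.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# banned_jails IP < logfile: the last Ban/Unban event per jail decides.
# The IP is compared as a whole field, so 192.168.72.18 never matches .186.
banned_jails() {
    awk -v ip="$1" '
        NF >= 4 && $NF == ip && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            j = ($(NF-2) == "Restore") ? $(NF-3) : $(NF-2)
            if (j ~ /^\[.+\]$/)
                banned[substr(j, 2, length(j) - 2)] = ($(NF-1) == "Ban")
        }
        END { for (j in banned) if (banned[j]) print j }' | sort
}

# unban_commands IP < logfile: print (not run) one unban command per jail.
unban_commands() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    banned_jails "$1" | while read -r jail; do
        printf 'sudo fail2ban-client set %s unbanip %s\n' "$jail" "$1"
    done
}

# Demo on the constructed sample; for real use, redirect the log file instead.
printf '%s\n' "$SAMPLE_LOG" | unban_commands 192.168.72.186
```

On a server, feed it the real log, for example `unban_commands 192.168.72.186 < /var/log/fail2ban.log`. If the log has been rotated, an older Ban entry may be missing, so confirm the result against `sudo fail2ban-client status <jail_name>`.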

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.