Skip to content

Unbanning an IP from fail2ban

TL;DR

fail2ban-client set [jail name] unbanip [the IP]
for instance
fail2ban-client set sshd unbanip 123.123.123.123

Details

It’s this time of the year again. Time to get a new VPS or dedicated server, put the latest LTS Ubuntu on it, and configure it as close as possible to the one I set up X years before in order to then migrate. Of course, usually, “as close as possible” still means finding wtf happened to the configuration options and features you were using before, if not wtf happened to whole pieces of software…
Anyhow, in this process, I sometimes get a bit lost in what accounts exist, what credentials they use and, after one too many tries, end up banned by fail2ban. I could just wait it out, but this time I figured, it’s my server I should unban myself damnit.

The short version is:
1) if you are the one banned, get an alternative access to the console. For instance you could use Webmin. Or a VPN, or your phone connection to log in to SSH from another IP.
2) list jail names:
fail2ban-client status
3) decide which one issued the ban (should be easy if you got your own self banned, otherwise see longer version below)
4) unban the IP:
fail2ban-client set [jail name] unbanip [the IP]
For instance, if you got banned while logging in to SSH from IP 123.123.123.123:
fail2ban-client set sshd unbanip 123.123.123.123

Longer version / some more details:
Check if the IP is banned in iptables (NB: for some reason, for me iptables didn’t list all the IPs that could be listed directly from fail2ban-client status [jail name], so if you can’t see the IP you’re looking for here here, I guess just move on to the other options):
iptables -n -L
and/or check the ban logs:
sudo zgrep 'Ban' /var/log/fail2ban.log*
(or just the latest logs, which should usually be enough)
sudo zgrep 'Ban' /var/log/fail2ban.log
(or just the end of it)
tail /var/log/fail2ban.log
The log should mention the jail name as well. If unsure, use fail2ban-client status to list jail names.
You can also use fail2ban-client status sshd to check the list of banned IPs for one particular jail (here sshd)

Sources

Fail2Ban: how to unban IPs that are blocked?
Linux: Iptables Find / Check Banned IP Address

Posted in Linux, servers.

rev="post-4654" No comments

By patheticcockroach 2022-10-03

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA


« »