How to Remove Banned IP from Fail2ban on CentOS 6 / CentOS 7

Remove Banned IP from Fail2ban

Fail2ban is a powerful intrusion prevention software framework, written in Python, that is designed to safeguard your server from brute-force attacks. It is widely utilized by a majority of VPS servers. Fail2ban scans log files and IP blacklists for signs of malicious activity, such as excessive password failures, web server exploitation, WordPress plugin attacks, and other vulnerabilities.

If you have already installed and are using Fail2ban to protect your web server, you might be curious about how to identify the IPs banned or blocked by Fail2ban. Furthermore, you might want to learn how to remove a banned IP from the Fail2ban jail on CentOS 6, CentOS 7, RHEL 6, RHEL 7, and Oracle Linux 6/7. This guide will provide you with a step-by-step process to do just that.

Before we proceed, it’s important to understand the different types of web servers and their functionalities. For more information, you can visit our pages on the web server software, Apache, Nginx, and LiteSpeed.

Listing Banned IP Addresses

To view all the blocked IP addresses, you need to run the following command:

# iptables -L

This command will display a list of all the IP addresses that have been blocked by Fail2ban. The output will include various chains like ‘f2b-AccessForbidden’, ‘f2b-WPLogin’, ‘f2b-ConnLimit’, ‘f2b-ReqLimit’, ‘f2b-NoAuthFailures’, ‘f2b-SSH’, ‘f2b-php-url-open’, and ‘f2b-nginx-http-auth’, among others. These chains represent different rules set by Fail2ban to block IPs based on various conditions.

See also  How to Check Software or Packages Version in Linux

Example:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-AccessForbidden  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-WPLogin  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-ConnLimit  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-ReqLimit  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-NoAuthFailures  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-SSH    tcp  --  anywhere             anywhere            tcp dpt:ssh
f2b-php-url-open  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-nginx-http-auth  tcp  --  anywhere             anywhere            multiport dports http,https
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:EtherNet/IP-1
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Chain f2b-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  64.68.50.128         anywhere            reject-with icmp-port-unreachable
REJECT     all  --  104.194.26.205       anywhere            reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Removing a Banned IP from Fail2ban Jail

To remove a banned IP from the Fail2ban jail, you need to run the following command:

# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT

Replace ‘banned_ip’ with the actual IP address you wish to unban. This command will remove the specified IP address from the Fail2ban jail, thus allowing it to access your server again.

See also  How to Allow and Deny Access for Remote SSH to CentOS 6.2

This guide should provide you with a quick and easy way to manage banned IPs in Fail2ban on CentOS 6, CentOS 7, RHEL 6, RHEL 7, and Oracle Linux 6/7.

Commands Mentioned

  • # iptables -L – Lists all the IP addresses blocked by Fail2ban
  • # iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT – Removes a specific IP address from the Fail2ban jail

Conclusion

Managing your server’s security is a crucial task, and tools like Fail2ban make this task much easier by providing an automated way to block malicious IP addresses. However, there may be times when you need to unban an IP address. This guide has provided you with the necessary commands and steps to list all banned IP addresses and remove a specific IP from the Fail2ban jail.

Remember, it’s important to keep your server secure and regularly monitor for any suspicious activity. For more information on server hosting, you can visit our pages on dedicated server, VPS server, cloud hosting, and shared hosting.

We hope this guide has been informative and helpful. If you have any further questions or need more detailed instructions, feel free to reach out. Remember, maintaining the security of your server should always be a top priority. Stay safe and happy hosting!

FAQ

  1. What is Fail2ban?

    Fail2ban is an intrusion prevention software framework that protects your server from brute-force attacks. It is written in Python and is widely used by most VPS servers. Fail2ban scans log files and IP blacklists for signs of malicious activity.

  2. How can I see the list of IP addresses blocked by Fail2ban?

    You can see the list of IP addresses blocked by Fail2ban by running the command ‘# iptables -L’. This command will display all the IP addresses that have been blocked.

  3. How can I remove a banned IP from Fail2ban jail?

    You can remove a banned IP from Fail2ban jail by running the command ‘# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT’. Replace ‘banned_ip’ with the actual IP address you wish to unban.

  4. What does the command ‘# iptables -L’ do?

    The command ‘# iptables -L’ lists all the IP addresses that have been blocked by Fail2ban. It displays various chains representing different rules set by Fail2ban to block IPs based on various conditions.

  5. What does the command ‘# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT’ do?

    The command ‘# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT’ removes a specific IP address from the Fail2ban jail. You need to replace ‘banned_ip’ with the actual IP address you wish to unban.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *