Fail2ban is a powerful intrusion prevention software framework, written in Python, that is designed to safeguard your server from brute-force attacks. It is widely utilized by a majority of VPS servers. Fail2ban scans log files and IP blacklists for signs of malicious activity, such as excessive password failures, web server exploitation, WordPress plugin attacks, and other vulnerabilities.
If you have already installed and are using Fail2ban to protect your web server, you might be curious about how to identify the IPs banned or blocked by Fail2ban. Furthermore, you might want to learn how to remove a banned IP from the Fail2ban jail on CentOS 6, CentOS 7, RHEL 6, RHEL 7, and Oracle Linux 6/7. This guide will provide you with a step-by-step process to do just that.
Listing Banned IP Addresses
To view all the blocked IP addresses, you need to run the following command:
# iptables -L
This command lists the firewall rules, including the chains that Fail2ban creates. The output will include various chains like ‘f2b-AccessForbidden’, ‘f2b-WPLogin’, ‘f2b-ConnLimit’, ‘f2b-ReqLimit’, ‘f2b-NoAuthFailures’, ‘f2b-SSH’, ‘f2b-php-url-open’, and ‘f2b-nginx-http-auth’, among others. Each ‘f2b-’ chain holds the blocks for one set of Fail2ban rules, and the banned IP addresses appear as REJECT entries inside the chain, as in the ‘f2b-NoAuthFailures’ chain at the end of the example.
Example:
# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source          destination
f2b-AccessForbidden  tcp  --  anywhere        anywhere     tcp dpt:http
f2b-WPLogin          tcp  --  anywhere        anywhere     tcp dpt:http
f2b-ConnLimit        tcp  --  anywhere        anywhere     tcp dpt:http
f2b-ReqLimit         tcp  --  anywhere        anywhere     tcp dpt:http
f2b-NoAuthFailures   tcp  --  anywhere        anywhere     tcp dpt:http
f2b-SSH              tcp  --  anywhere        anywhere     tcp dpt:ssh
f2b-php-url-open     tcp  --  anywhere        anywhere     tcp dpt:http
f2b-nginx-http-auth  tcp  --  anywhere        anywhere     multiport dports http,https
ACCEPT               all  --  anywhere        anywhere     state RELATED,ESTABLISHED
ACCEPT               icmp --  anywhere        anywhere
ACCEPT               all  --  anywhere        anywhere
ACCEPT               tcp  --  anywhere        anywhere     tcp dpt:EtherNet/IP-1
ACCEPT               tcp  --  anywhere        anywhere     tcp dpt:http
REJECT               all  --  anywhere        anywhere     reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target               prot opt source          destination
REJECT               all  --  anywhere        anywhere     reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target               prot opt source          destination

Chain f2b-NoAuthFailures (1 references)
target               prot opt source          destination
REJECT               all  --  64.68.50.128    anywhere     reject-with icmp-port-unreachable
REJECT               all  --  104.194.26.205  anywhere     reject-with icmp-port-unreachable
RETURN               all  --  anywhere        anywhere
Removing a Banned IP from Fail2ban Jail
To remove a banned IP from the Fail2ban jail, you need to run the following command:
# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT
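Replace ‘banned_ip’ with the actual IP address you wish to unban. This command deletes the REJECT rule for that address from the ‘f2b-NoAuthFailures’ chain, thus allowing it to access your server again. If the address was banned under a different chain, use that chain's name in place of ‘f2b-NoAuthFailures’.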
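The delete command above names one chain, but an address can sit in any of the f2b- chains. The following added example (not part of the original guide) reads an iptables listing, finds every f2b- chain that blocks a given address, and prints the matching delete commands for review. The function names and the sample listing are constructed for illustration, and the listing uses the numeric layout of `iptables -L -n`.

```shell
#!/bin/sh
# Added example: locate the f2b-* chain(s) holding a ban before deleting it.

# Constructed sample in `iptables -L -n` layout, reusing the addresses shown above.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-NoAuthFailures  tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:80
f2b-SSH    tcp  --  0.0.0.0/0            0.0.0.0/0   tcp dpt:22

Chain f2b-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  64.68.50.128         0.0.0.0/0   reject-with icmp-port-unreachable
REJECT     all  --  104.194.26.205       0.0.0.0/0   reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  104.194.26.205       0.0.0.0/0   reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Accept only a dotted-quad IPv4 address so nothing else reaches a root command.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read an iptables listing on stdin; print "<chain> <target>" for each f2b-* rule on $1.
f2b_rules_for_ip() {
    is_ipv4 "$1" || return 2
    awk -v ip="$1" '
        $1 == "Chain" { chain = $2; next }
        chain ~ /^f2b-/ && ($1 == "REJECT" || $1 == "DROP") && $4 == ip { print chain, $1 }'
}

# Print (do not run) one delete command per matching rule, in the form used above.
f2b_unban_commands() {
    f2b_rules_for_ip "$1" | while read -r chain target; do
        printf 'iptables -D %s -s %s -j %s\n' "$chain" "$1" "$target"
    done
}

# Live use as root: iptables -L -n | f2b_unban_commands 203.0.113.7
```

These commands only change the firewall rules. Fail2ban's own client, `fail2ban-client set <jail> unbanip <ip>`, removes the address from the jail in Fail2ban itself.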
This guide should provide you with a quick and easy way to manage banned IPs in Fail2ban on CentOS 6, CentOS 7, RHEL 6, RHEL 7, and Oracle Linux 6/7.
Commands Mentioned
- # iptables -L – Lists all the IP addresses blocked by Fail2ban
- # iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT – Removes a specific IP address from the Fail2ban jail
Conclusion
Managing your server’s security is a crucial task, and tools like Fail2ban make this task much easier by providing an automated way to block malicious IP addresses. However, there may be times when you need to unban an IP address. This guide has provided you with the necessary commands and steps to list all banned IP addresses and remove a specific IP from the Fail2ban jail.
Remember, it’s important to keep your server secure and regularly monitor for any suspicious activity.
We hope this guide has been informative and helpful. If you have any further questions or need more detailed instructions, feel free to reach out. Remember, maintaining the security of your server should always be a top priority. Stay safe and happy hosting!
FAQ
- What is Fail2ban?
  Fail2ban is an intrusion prevention software framework that protects your server from brute-force attacks. It is written in Python and is widely used by most VPS servers. Fail2ban scans log files and IP blacklists for signs of malicious activity.
- How can I see the list of IP addresses blocked by Fail2ban?
  You can see the list of IP addresses blocked by Fail2ban by running the command ‘# iptables -L’. This command will display all the IP addresses that have been blocked.
- How can I remove a banned IP from Fail2ban jail?
  You can remove a banned IP from Fail2ban jail by running the command ‘# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT’. Replace ‘banned_ip’ with the actual IP address you wish to unban.
- What does the command ‘# iptables -L’ do?
  The command ‘# iptables -L’ lists all the IP addresses that have been blocked by Fail2ban. It displays various chains representing different rules set by Fail2ban to block IPs based on various conditions.
- What does the command ‘# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT’ do?
  The command ‘# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT’ removes a specific IP address from the Fail2ban jail. You need to replace ‘banned_ip’ with the actual IP address you wish to unban.