{"id":6531,"date":"2015-12-03T21:33:55","date_gmt":"2015-12-03T13:33:55","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=6531"},"modified":"2023-06-26T20:56:04","modified_gmt":"2023-06-26T20:56:04","slug":"how-to-remove-banned-ip-from-fail2ban-on-centos","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-remove-banned-ip-from-fail2ban-on-centos\/","title":{"rendered":"How to Remove Banned IP from Fail2ban on CentOS 6 \/ CentOS 7"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignnone wp-image-6549 size-full lazyload\" data-src=\"https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2015\/12\/security-265130_1280.jpg\" alt=\"Remove Banned IP from Fail2ban\" width=\"1280\" height=\"853\" data-srcset=\"https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2015\/12\/security-265130_1280.jpg 1280w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2015\/12\/security-265130_1280-300x200.jpg 300w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2015\/12\/security-265130_1280-768x512.jpg 768w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2015\/12\/security-265130_1280-1024x682.jpg 1024w\" data-sizes=\"(max-width: 1280px) 100vw, 1280px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1280px; --smush-placeholder-aspect-ratio: 1280\/853;\" \/><\/p>\n<p>Fail2ban is a powerful intrusion prevention software framework, written in Python, that is designed to safeguard your server from brute-force attacks. It is widely utilized by a majority of VPS servers. Fail2ban scans log files and IP blacklists for signs of malicious activity, such as excessive password failures, web server exploitation, WordPress plugin attacks, and other vulnerabilities.<\/p>\n<p>If you have already installed and are using Fail2ban to protect your web server, you might be curious about how to identify the IPs banned or blocked by Fail2ban. Furthermore, you might want to learn how to remove a banned IP from the Fail2ban jail on CentOS 6, CentOS 7, RHEL 6, RHEL 7, and Oracle Linux 6\/7. This guide will provide you with a step-by-step process to do just that.<\/p>\n<p>Before we proceed, it&#8217;s important to understand the different types of web servers and their functionalities. For more information, you can visit our pages on the <a href=\"https:\/\/webhostinggeeks.com\/best\/web-server\/\">web server software<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/apache-http-server-explained\/\">Apache<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/nginx-server-explained\/\">Nginx<\/a>, and <a href=\"https:\/\/webhostinggeeks.com\/blog\/litespeed-web-server-explained\/\">LiteSpeed<\/a>.<\/p>\n<h2>Listing Banned IP Addresses<\/h2>\n<p>To view all the blocked IP addresses, you need to run the following command:<\/p>\n<pre># iptables -L<\/pre>\n<p>This command will display a list of all the IP addresses that have been blocked by Fail2ban. The output will include various chains like &#8216;f2b-AccessForbidden&#8217;, &#8216;f2b-WPLogin&#8217;, &#8216;f2b-ConnLimit&#8217;, &#8216;f2b-ReqLimit&#8217;, &#8216;f2b-NoAuthFailures&#8217;, &#8216;f2b-SSH&#8217;, &#8216;f2b-php-url-open&#8217;, and &#8216;f2b-nginx-http-auth&#8217;, among others. These chains represent different rules set by Fail2ban to block IPs based on various conditions.<\/p>\n<p>Example:<\/p>\n<pre>\r\n# iptables -L\r\nChain INPUT (policy ACCEPT)\r\ntarget     prot opt source               destination\r\nf2b-AccessForbidden  tcp  --  anywhere             anywhere            tcp dpt:http\r\nf2b-WPLogin  tcp  --  anywhere             anywhere            tcp dpt:http\r\nf2b-ConnLimit  tcp  --  anywhere             anywhere            tcp dpt:http\r\nf2b-ReqLimit  tcp  --  anywhere             anywhere            tcp dpt:http\r\nf2b-NoAuthFailures  tcp  --  anywhere             anywhere            tcp dpt:http\r\nf2b-SSH    tcp  --  anywhere             anywhere            tcp dpt:ssh\r\nf2b-php-url-open  tcp  --  anywhere             anywhere            tcp dpt:http\r\nf2b-nginx-http-auth  tcp  --  anywhere             anywhere            multiport dports http,https\r\nACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED\r\nACCEPT     icmp --  anywhere             anywhere\r\nACCEPT     all  --  anywhere             anywhere\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:EtherNet\/IP-1\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http\r\nREJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited\r\n\r\nChain FORWARD (policy ACCEPT)\r\ntarget     prot opt source               destination\r\nREJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited\r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget     prot opt source               destination\r\n\r\n\r\nChain f2b-NoAuthFailures (1 references)\r\ntarget     prot opt source               destination\r\nREJECT     all  --  64.68.50.128         anywhere            reject-with icmp-port-unreachable\r\nREJECT     all  --  104.194.26.205       anywhere            reject-with icmp-port-unreachable\r\nRETURN     all  --  anywhere             anywhere\r\n<\/pre>\n<h2>Removing a Banned IP from Fail2ban Jail<\/h2>\n<p>To remove a banned IP from the Fail2ban jail, you need to run the following command:<\/p>\n<pre># iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT<\/pre>\n<p>Replace &#8216;banned_ip&#8217; with the actual IP address you wish to unban. This command will remove the specified IP address from the Fail2ban jail, thus allowing it to access your server again.<\/p>\n<p>This guide should provide you with a quick and easy way to manage banned IPs in Fail2ban on CentOS 6, CentOS 7, RHEL 6, RHEL 7, and Oracle Linux 6\/7.<\/p>\n<h2>Commands Mentioned<\/h2>\n<ul>\n<li><span class=\"fw-bold\"># iptables -L<\/span> \u2013 Lists all the IP addresses blocked by Fail2ban<\/li>\n<li><span class=\"fw-bold\"># iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT<\/span> \u2013 Removes a specific IP address from the Fail2ban jail<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Managing your server&#8217;s security is a crucial task, and tools like Fail2ban make this task much easier by providing an automated way to block malicious IP addresses. However, there may be times when you need to unban an IP address. This guide has provided you with the necessary commands and steps to list all banned IP addresses and remove a specific IP from the Fail2ban jail.<\/p>\n<p>Remember, it&#8217;s important to keep your server secure and regularly monitor for any suspicious activity. For more information on server hosting, you can visit our pages on <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-dedicated-server-hosting\/\">dedicated server<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-vps-hosting\/\">VPS server<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-cloud-hosting\/\">cloud hosting<\/a>, and <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-shared-hosting\/\">shared hosting<\/a>.<\/p>\n<p>We hope this guide has been informative and helpful. If you have any further questions or need more detailed instructions, feel free to reach out. Remember, maintaining the security of your server should always be a top priority. Stay safe and happy hosting!<\/p>\n<h2>FAQ<\/h2>\n<ol itemscope itemtype=\"https:\/\/schema.org\/FAQPage\">\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What is Fail2ban?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">Fail2ban is an intrusion prevention software framework that protects your server from brute-force attacks. It is written in Python and is widely used by most VPS servers. Fail2ban scans log files and IP blacklists for signs of malicious activity.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">How can I see the list of IP addresses blocked by Fail2ban?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">You can see the list of IP addresses blocked by Fail2ban by running the command &#8216;# iptables -L&#8217;. This command will display all the IP addresses that have been blocked.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">How can I remove a banned IP from Fail2ban jail?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">You can remove a banned IP from Fail2ban jail by running the command &#8216;# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT&#8217;. Replace &#8216;banned_ip&#8217; with the actual IP address you wish to unban.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What does the command &#8216;# iptables -L&#8217; do?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">The command &#8216;# iptables -L&#8217; lists all the IP addresses that have been blocked by Fail2ban. It displays various chains representing different rules set by Fail2ban to block IPs based on various conditions.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What does the command &#8216;# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT&#8217; do?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">The command &#8216;# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT&#8217; removes a specific IP address from the Fail2ban jail. You need to replace &#8216;banned_ip&#8217; with the actual IP address you wish to unban.<\/span>\n            <\/p>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Fail2ban is a powerful intrusion prevention software framework, written in Python, that is designed to safeguard your server from brute-force attacks. It is widely utilized by a majority of VPS&#8230;<\/p>\n","protected":false},"author":6,"featured_media":6549,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[996],"tags":[1367,1519,1744],"class_list":["post-6531","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-fail2ban","tag-iptables","tag-security"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/6531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=6531"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/6531\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/6549"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=6531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=6531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=6531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}