Fail2Ban unblock ipaddress

iptables fail2ban

Solution 1:

Use the --line-numbers option to iptables to get a listing which shows the line numbers for the rules in a chain e.g.

iptables -L fail2ban-SSH -v -n --line-numbers
Chain fail2ban-SSH (1 references)
num   pkts bytes target     prot opt in     out   source              destination
1       19  2332 DROP       all  --  *      *     193.87.172.171      0.0.0.0/0
2       16  1704 DROP       all  --  *      *     222.58.151.68       0.0.0.0/0
3       15   980 DROP       all  --  *      *     218.108.224.81      0.0.0.0/0
4        6   360 DROP       all  --  *      *     91.196.170.231      0.0.0.0/0
5     8504  581K RETURN     all  --  *      *     0.0.0.0/0           0.0.0.0/0

Then use iptables -D chain rulenum to remove the ones you don't want e.g.

iptables -D fail2ban-SSH 1

would delete the 

1       19  2332 DROP       all  --  *      *     193.87.172.171      0.0.0.0/0

line from the example above. Note that everything is renumbered so you can run the same command again to remove the new rule 1 in the chain.

Solution 2:

From my experience with Fail2ban, unbanning an IP address directly through IPTABLES will result in the IP being banned again by Fail2ban if the Fail2ban service is restarted within the Ban Time.

That being said, the most effective and clean way of unbanning an IP address banned by Fail2ban is using the fail2ban-client.

Step 1: Take note of the Jail Name by checking the Fail2ban log

sudo zgrep 'Ban' /var/log/fail2ban.log

Sample output:

2017-11-03 04:30:14,509 fail2ban.actions [25091]: NOTICE [nginx-badbots] Ban 47.15.15.49 2017-11-03 04:37:29,597 fail2ban.actions [27065]: NOTICE [nginx-badbots] Ban 103.31.87.187 2017-11-03 04:37:30,124 fail2ban.actions [27065]: NOTICE [nginx-badbots] Ban 201.33.170.251 2017-11-03 04:37:30,364 fail2ban.actions [27065]: NOTICE [nginx-badbots] Ban 47.15.15.49 2017-11-03 04:38:06,754 fail2ban.actions [27065]: NOTICE [vsftpd] Ban 128.20.12.68

If we are interested in unbanning the IP address - 128.20.12.68 - then the Jail name is vsftpd.

Step 2: Unban the IP address using fail2ban-client. The general format is:

sudo fail2ban-client set [JAIL] unbanip [xx.xx.xx.xx]

Now, run:

sudo fail2ban-client set vsftpd unbanip 128.20.12.68

Sample output:

128.20.12.68

Step 3: Confirm unban from Fail2ban log

sudo tail -f /var/log/fail2ban.log

Sample output:

2017-11-03 04:38:13,332 fail2ban.actions [27065]: NOTICE [vsftpd] Unban 128.20.12.68

Related

Real life SELinux security example?
Php-Fpm 7 server reached pm.max_children
PXE Booting Virtualbox guests in internal networking mode?
Windows replacement for HAProxy
Port 80 is being used by SYSTEM (PID 4), what is that?
SFTP fatal bad ownership or modes for chroot directory ubuntu 12.04
Setting Apache2 PATH environment variable
mirrored filesystem across a few servers
Network latency: 100Mbit vs. 1Gbit
Where's my ephemeral storage for EC2 Instance
Is it possible to use multiple load balancers to redirect traffic to my application servers?
What is a (raid-controller-) BBU for?