Guide to whitelisting, banning or unbanning an IP in Fail2ban

Welcome to Codenet, In this article you’ll learn about the whitelisting of IPs in the Fail2ban service. Before going deeper let’s learn a little about the Fail2ban service.

What is Fail2ban?

It is software or a service that is developed in Python to prevent malicious requests sent to the servers. Mainly it is developed to prevent brute-force attacks. Learn More about this service on the official page.

Check whether fail2ban is active or not

If you have fail2ban service installed you can find a jail.conf file in /etc/fail2ban/jail.conf. Also if you need to check whether the service is running or not follow the below steps.

Command:

/etc/init.d/fail2ban status

Installed but not running.

frappe@server:~$ /etc/init.d/fail2ban status
* Status of Authentication failure monitor
*  fail2ban is not running

Installed and running.

frappe@server:~$ /etc/init.d/fail2ban status
 fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-08-23 15:53:13 IST; 3 days ago
       Docs: man:fail2ban(1)
   Main PID: 755 (fail2ban-server)
      Tasks: 7 (limit: 18805)
     Memory: 16.7M
        CPU: 21min 34.023s
     CGroup: /system.slice/fail2ban.service
             └─755 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Whitelisting an IP in fail2ban

Duplicate the original jail.conf file using the below command (Any modifications in jail.conf will be erased if the service is updated.)

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local && sudo nano /etc/fail2ban/jail.local

Once you run the above command, the file will open in the nano editor and find the line ignoreip = 127.0.0.1/8 ::1 by default it might be commented like #ignoreip = 127.0.0.1/8 ::1. Uncomment it and change as follows.

You can whitelist any IP address, subnet, DNS, etc.

ignoreip = 192.168.1.1/24

You can save and exit the nano editor by pressing Ctrl+O and Ctrl+X.

To add multiple whitelist IP addresses, just place one after the other, as shown below.

ignoreip = 192.168.1.1/24 172.67.209.252 8.8.8.8

How to Unban all IP address?

Warning

Unbanning all IP is dangerous but in test environment this will be helpful. Don’t do this in Live or Production environment.

Set the followings in jail.local file. Edit the values for bantime and ignoreip in that file.

ignoreip = 0.0.0.0
bantime  = -1

Restarting Fail2ban service

sudo systemctl restart fail2ban

or,

sudo service fail2ban restart

List all banned IP’s in fail2ban

sudo zgrep 'Ban' /var/log/fail2ban.log*

Ban and unban IP addresses using fail2ban

List Available Jails: First, you should check the list of jails that are currently active in your Fail2Ban setup. You can do this by running:

sudo fail2ban-client status
frappe@server:~$ sudo fail2ban-client status
Status
|- Number of jail:      2
`- Jail list:   nginx-proxy, sshd

Jail List: Use this to Ban or UnBan

To ban an IP address using fail2ban, run the command below:(JAIL NAME and IP-ADDRESS based on your need)

sudo fail2ban-client set <JAIL NAME> banip <IP-Address>

To unban an IP address, run:

sudo fail2ban-client set <JAIL NAME> banip <IP-Address>

Stop or Ban fail2ban service:

Stop Fail2Ban Service: To stop the Fail2Ban service, use the following command:

sudo systemctl stop fail2ban

Disable Fail2Ban Service: To prevent Fail2Ban from starting automatically at boot, use the command:

sudo systemctl disable fail2ban

Leave a Comment

Scroll to Top