Welcome to Codenet. In this article you'll learn how to whitelist IP addresses in the Fail2ban service. Before going deeper, let's learn a little about Fail2ban itself.
What is Fail2ban?
Fail2ban is a service written in Python that protects servers from malicious requests; it is mainly intended to stop brute-force attacks. Learn more about the service on its official page.
Check whether fail2ban is active
If the fail2ban service is installed you will find its configuration file at /etc/fail2ban/jail.conf. To check whether the service is running, follow the steps below.
Command:
/etc/init.d/fail2ban status
Installed but not running.
frappe@server:~$ /etc/init.d/fail2ban status
* Status of Authentication failure monitor
* fail2ban is not running
Installed and running.
frappe@server:~$ /etc/init.d/fail2ban status
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-08-23 15:53:13 IST; 3 days ago
Docs: man:fail2ban(1)
Main PID: 755 (fail2ban-server)
Tasks: 7 (limit: 18805)
Memory: 16.7M
CPU: 21min 34.023s
CGroup: /system.slice/fail2ban.service
└─755 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Whitelisting an IP in fail2ban
Duplicate the original jail.conf file as jail.local using the command below (any modifications made directly in jail.conf will be erased when fail2ban is updated).
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local && sudo nano /etc/fail2ban/jail.local
Once you run the above command, the file opens in the nano editor. Find the line ignoreip = 127.0.0.1/8 ::1; by default it may be commented out as #ignoreip = 127.0.0.1/8 ::1. Uncomment it and change it as follows.
You can whitelist any IP address, CIDR subnet, or DNS hostname.
ignoreip = 192.168.1.1/24
Save and exit the nano editor by pressing Ctrl+O (then Enter) and Ctrl+X.
To whitelist multiple IP addresses, list them one after another separated by spaces, as shown below.
ignoreip = 192.168.1.1/24 172.67.209.252 8.8.8.8
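Before restarting the service, it helps to confirm that the addresses you rely on are really covered by the ignoreip list. The following Python check is an added example, not part of the original article or of fail2ban itself; it reads a constructed jail.local (the jail name and hostname are assumptions) with the same INI semantics fail2ban uses, handling CIDR entries with host bits set, bare addresses, IPv6, DNS hostnames, and a per-jail override that replaces the DEFAULT list:

```python
import configparser
import ipaddress
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample jail.local (not a real server's file), mirroring the
# ignoreip values used in this article plus one DNS hostname. The [sshd]
# jail sets its own ignoreip, which in fail2ban REPLACES the [DEFAULT] list.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 192.168.1.1/24 172.67.209.252 8.8.8.8 bastion.example.com
bantime = 10m

[sshd]
enabled = true
ignoreip = 10.0.0.0/8
"""


def parse_ignoreip(text: str, jail: str = "DEFAULT") -> List[Network]:
    """Return the effective ignoreip entries of `jail` as ip_network objects.

    Entries are separated by whitespace (or commas). A bare address becomes a
    /32 or /128 network. fail2ban accepts a CIDR whose host bits are set, such
    as 192.168.1.1/24, so strict=False keeps that behaviour. DNS hostnames are
    skipped because they cannot be resolved offline.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get(jail, "ignoreip", fallback="")
    nets: List[Network] = []
    for entry in raw.replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # hostname entry, e.g. bastion.example.com
    return nets


def is_ignored(addr: str, nets: List[Network]) -> bool:
    """True if `addr` is covered by any whitelisted network (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    for jail in ("DEFAULT", "sshd"):
        nets = parse_ignoreip(SAMPLE_JAIL_LOCAL, jail)
        for addr in ("192.168.1.200", "10.1.2.3", "8.8.4.4", "::1"):
            state = "ignored" if is_ignored(addr, nets) else "bannable"
            print(f"[{jail}] {addr}: {state}")
```

Note that 192.168.1.200 is ignored under DEFAULT but bannable under sshd, because the jail's own ignoreip overrides rather than extends the DEFAULT list.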
How to unban all IP addresses?
Warning: set the following values for ignoreip and bantime in the jail.local file.
ignoreip = 0.0.0.0
bantime = -1
Restarting the Fail2ban service
sudo systemctl restart fail2ban
or,
sudo service fail2ban restart
List all banned IPs in fail2ban
sudo zgrep 'Ban' /var/log/fail2ban.log*
Ban and unban IP addresses using fail2ban
List available jails: first, check which jails are currently active in your Fail2Ban setup by running:
sudo fail2ban-client status
frappe@server:~$ sudo fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: nginx-proxy, sshd
Use a jail name from this list when banning or unbanning.
To ban an IP address using fail2ban, run the command below (replace JAIL NAME and IP-Address as needed):
sudo fail2ban-client set <JAIL NAME> banip <IP-Address>
To unban an IP address, run:
sudo fail2ban-client set <JAIL NAME> unbanip <IP-Address>
Stop or disable the fail2ban service:
Stop the Fail2Ban service: to stop the Fail2Ban service, use the following command:
sudo systemctl stop fail2ban
Disable the Fail2Ban service: to prevent Fail2Ban from starting automatically at boot, use the command:
sudo systemctl disable fail2ban