Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Our experts will login to your server within 30 minutes to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

Fail2Ban: how to unban IPs that are blocked?

Fail2ban is a great tool for server owners to automatically ban suspicious IP addresses in server firewall.

But, sometimes, it can block valid connections too.

At Bobcares, we often receive requests from website owners to unban their IP address from Fail2ban as part of our Server Management Services for web hosts.

Today, let’s see the steps to unban an IP in Fail2ban.

 

What’s ‘fail2ban-client’ and ‘Fail2ban Jail’?

These are the 2 terms that we use frequently in this article.

So, before going into the details, let’s start with these terms.

 

fail2ban-client

Fail2ban scans server logs and ban IPs that show malicious signs like too many password failures, exploits, etc.

Server owners can run Fail2ban from command line using the command fail2ban-client.

For example, you can enter Fail2ban commands like this:

fail2ban-client COMMAND

 

Fail2ban Jails

A Fail2ban jail is a combination of a filter and actions.

Filter contains mainly regular expressions which are used to detect break-in attempts, password failures, etc.

And, Action define commands that are executed when the filter catches an abusive IP address.

In most of the servers, there are pre-configured jails for hosting services like web server, mail server, FTP, and so on.

Now, let’s see how our Server Support Engineers identify and unban an IP in Fail2ban.

How to unban an IP in Fail2ban?

When a valid user IP is blocked, the server owner may get a Connection timed out message for mail, web, SSH, etc.

For example, a blocked customer will see the below message, when he try to access the server via SSH.

ssh: connect to host server.hostname.com port 2022: Connection refused

 

But, we easily identify and unban the IP address from Fail2ban in 4 simple steps.

 

1) Check if IP address is blocked

Fail2ban uses iptables to block the traffic.

So, our Server Support Engineers first login to the server via SSH, and check for IP block with the following command.

iptables -n -L

 

If the IP is blocked by Fail2ban, then it will be listed in the Fail2ban chain like fail2ban-ssh.

 

2) Check the Fail2ban log

Fail2ban log on the server is at /var/log/fail2ban.log and this logs the details like IP addresses that are banned, the jail, and time they are blocked.

For example, a Fail2ban log looks like this:

2018-12-04 08:22:29,461 fail2ban.filter      [3045]: INFO    [ssh] Found 37.49.227.155 
2018-12-04 08:23:23,713 fail2ban.filter      [3045]: INFO    [plesk-postfix] Found 51.38.70.151 
2018-12-04 08:23:26,881 fail2ban.actions     [3045]: NOTICE  [plesk-modsecurity] Ban 45.245.13.23<.code>

 

Our Support Engineers check these logs to confirm if the IP is blocked by Fail2ban.

 

3) Get Jail name of blocked IP address

Next step is to confirm the jail name for this IP address is in.

For that, we use the command fail2ban-client status.

# fail2ban-client status 
Status 
|- Number of jail:      11 
`- Jail list:   plesk-apache, plesk-apache-badbot, plesk-dovecot, plesk-modsecurity, plesk-panel, plesk-postfix, plesk-proftpd, plesk-roundcube,
plesk-wordpress, recidive, ssh

 

Here, the Jail list in the output shows the Jail names set in Fail2ban.

4) Unban the IP address

Once we get the jail name, next step is to unban this IP address.

There is a slight difference in the unban commands depending on the Fail2ban version.

 

In Fail2ban version(before v0.8.8)

We use the below command to unban the IP address in Fail2ban versions before 0.8.8.

fail2ban-client get yourjailname actionunban youripaddress

 

Replace yourjailname with the corresponding jail name and youripaddress with the blocked IP address.

For example, to remove an IP address jailed within ssh, use the below command.

fail2ban-client get ssh actionunban 10.xx.15x.12x

 

In Fail2ban version v0.8.8 or later

We use the below command to unban the IP address in Fail2ban version 0.8.8 and later.

fail2ban-client set yourjailname unbanip youripaddress

 

Replace yourjailname with the corresponding jail name and youripaddress with blocked IP address.

For example, to remove an IP address jailed within ssh, use the below command.

fail2ban-client set ssh unbanip 10.xx.15x.12x

 

Alternatively, our Server Support Engineers use another method to unban the IP address instead of fail2ban-client.

For that, we first check for the blocked IP address, chain name and its corresponding line number with the following command.

iptables -n -L --line-numbers

 

Next, we use the below command to unban that IP address using the line-number and chain name.

iptables -D fail2ban-jailname <linenumber>

 

In plesk servers, they have integrated the Fail2ban feature aka IP Address Banning with the control panel.

So, server owners can easily unban the IP address in a single click.

fail2ban unban ip

Fail2ban in Plesk

 

Sometimes, we receive requests from server owners to unban multiple IP addresses from their servers.

During such situations, our Support Engineers create custom scripts to unban multiple IP addresses and make it a pain free process.

 

Conclusion

Fail2ban is a great tool for server owners to automatically ban suspicious IP addresses in server firewall. But, sometimes, it can block valid connections too. Today, we’ve discussed the steps followed by our Server Support Engineers to unban IP address from Fail2ban.


PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

Fail2ban unban IP

4 Comments

  1. In Fail2Ban v0.9.3, the command to unban is “unbanip”
    fail2ban-client set yourjailname unbanip youripaddress

    Reply
  2. Hello.

    Thanks a lot for your article. It helped me write this small bash script to unban an ip from a fail2ban jail. The jail name is retrieved from /var/log/fail2ban.log if ip is found there. Otherwise, the fallback jail name is sshd.

    #!/bin/bash

    logfile=’/var/log/fail2ban.log’
    fallbackjail=’sshd’

    echo “Enter ip to unban:”
    read ip

    echo “Checking whether the ip is banned”
    if [ 0 -lt `iptables -n -L|grep “REJECT”|grep “\”|wc -l` ]
    then
    echo “The ip $ip is banned”
    else
    echo “The ip $ip is not banned, ABORTING”
    exit
    fi

    echo “Trying to guess the jail name from $logfile”
    jail=`grep “Ban $ip$” $logfile|cut -d ‘[‘ -f 3|cut -d ‘]’ -f 1`
    if [ 0 -lt ${#jail} ]
    then
    echo “Found jail $jail for this ip”
    else
    echo “No jail found assuming $fallbackjail”
    jail=$fallbackjail
    fi

    echo “Checking that jail exists”
    exists=`fail2ban-client status|grep “$jail”`
    if [ 0 -lt ${#exists} ]
    then
    echo “Jail $jail exists”
    else
    echo “Jail $jail doesn’t exist, ABORTING”
    exit
    fi

    echo “Unbanning ip $ip from jail $jail”
    fail2ban-client set $jail unbanip $ip

    Reply
    • Thank you for sharing the script Louis. 🙂

      Reply
    • Thanks for sharing this script. It is a simple process to unban an IP based on great article but having a script is even better since I rarely unban an IP and I don’t need to run back to the article when I find myself needing to do this

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF