Need help?

Our experts will login to your server within 30 minutes to fix urgent issues.

Customer support or server support, make your own solution using our support configuration wizard.

Fail2Ban: how to unban IPs that are blocked?

Fail2ban is a great tool for server owners to automatically ban suspicious IP addresses in server firewall.

But, sometimes, it can block valid connections too.

At Bobcares, we often receive requests from website owners to unban their IP address from Fail2ban as part of our Outsourced Technical Support for web hosts.

Today, let’s see the steps to unban an IP in Fail2ban.

 

What’s ‘fail2ban-client’ and ‘Fail2ban Jail’?

These are the 2 terms that we use frequently in this article.

So, before going into the details, let’s start with these terms.

 

fail2ban-client

Fail2ban scans server logs and ban IPs that show malicious signs like too many password failures, exploits, etc.

Server owners can run Fail2ban from command line using the command fail2ban-client.

For example, you can enter Fail2ban commands like this:

fail2ban-client COMMAND

 

Fail2ban Jails

A Fail2ban jail is a combination of a filter and actions.

Filter contains mainly regular expressions which are used to detect break-in attempts, password failures, etc.

And, Action define commands that are executed when the filter catches an abusive IP address.

In most of the servers, there are pre-configured jails for hosting services like web server, mail server, FTP, and so on.

Now, let’s see how our Dedicated Support Engineers identify and unban an IP in Fail2ban.

How to unban an IP in Fail2ban?

When a valid user IP is blocked, the server owner may get a Connection timed out message for mail, web, SSH, etc.

For example, a blocked customer will see the below message, when he try to access the server via SSH.

ssh: connect to host server.hostname.com port 2022: Connection refused

 

But, we easily identify and unban the IP address from Fail2ban in 4 simple steps.

 

1) Check if IP address is blocked

Fail2ban uses iptables to block the traffic.

So, our Hosting Engineers first login to the server via SSH, and check for IP block with the following command.

iptables -n -L

 

If the IP is blocked by Fail2ban, then it will be listed in the Fail2ban chain like fail2ban-ssh.

 

2) Check the Fail2ban log

Fail2ban log on the server is at /var/log/fail2ban.log and this logs the details like IP addresses that are banned, the jail, and time they are blocked.

For example, a Fail2ban log looks like this:

2018-12-04 08:22:29,461 fail2ban.filter      [3045]: INFO    [ssh] Found 37.49.227.155 
2018-12-04 08:23:23,713 fail2ban.filter      [3045]: INFO    [plesk-postfix] Found 51.38.70.151 
2018-12-04 08:23:26,881 fail2ban.actions     [3045]: NOTICE  [plesk-modsecurity] Ban 45.245.13.23<.code>

 

Our Support Engineers check these logs to confirm if the IP is blocked by Fail2ban.

 

3) Get Jail name of blocked IP address

Next step is to confirm the jail name for this IP address is in.

For that, we use the command fail2ban-client status.

# fail2ban-client status 
Status 
|- Number of jail:      11 
`- Jail list:   plesk-apache, plesk-apache-badbot, plesk-dovecot, plesk-modsecurity, plesk-panel, plesk-postfix, plesk-proftpd, plesk-roundcube,
plesk-wordpress, recidive, ssh

 

Here, the Jail list in the output shows the Jail names set in Fail2ban.

4) Unban the IP address

Once we get the jail name, next step is to unban this IP address.

There is a slight difference in the unban commands depending on the Fail2ban version.

 

In Fail2ban version(before v0.8.8)

We use the below command to unban the IP address in Fail2ban versions before 0.8.8.

fail2ban-client get yourjailname actionunban youripaddress

 

Replace yourjailname with the corresponding jail name and youripaddress with the blocked IP address.

For example, to remove an IP address jailed within ssh, use the below command.

fail2ban-client get ssh actionunban 10.xx.15x.12x

 

In Fail2ban version v0.8.8 or later

We use the below command to unban the IP address in Fail2ban version 0.8.8 and later.

fail2ban-client set yourjailname unban youripaddress

 

Replace yourjailname with the corresponding jail name and youripaddress with blocked IP address.

For example, to remove an IP address jailed within ssh, use the below command.

fail2ban-client set ssh unban 10.xx.15x.12x

 

Alternatively, our Hosting Engineers use another method to unban the IP address instead of fail2ban-client.

For that, we first check for the blocked IP address, chain name and its corresponding line number with the following command.

iptables -n -L --line-numbers

 

Next, we use the below command to unban that IP address using the line-number and chain name.

iptables -D fail2ban-jailname <linenumber>

 

In plesk servers, they have integrated the Fail2ban feature aka IP Address Banning with the control panel.

So, server owners can easily unban the IP address in a single click.

fail2ban unban ip

Fail2ban in Plesk

 

Sometimes, we receive requests from server owners to unban multiple IP addresses from their servers.

During such situations, our Support Engineers create custom scripts to unban multiple IP addresses and make it a pain free process.

 

Conclusion

Fail2ban is a great tool for server owners to automatically ban suspicious IP addresses in server firewall. But, sometimes, it can block valid connections too. Today, we’ve discussed the steps followed by our Dedicated Support Engineers to unban IP address from Fail2ban.


PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

Submit a Comment

Your email address will not be published. Required fields are marked *

Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.
MORE ABOUT BOBCARES