Fail2ban

From aldeid
Jump to navigation Jump to search

Installation

$ sudo aptitude install fail2ban

Unban an IP

First check if IP is banned:

$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	120
|  `- File list:	/var/log/auth.log
`- Actions
   |- Currently banned:	1
   |- Total banned:	1
   `- Banned IP list:	1.2.3.4

You can also confirm with iptables:

$ sudo iptables -n -L | grep 1.2.3.4
REJECT     all  --  1.2.3.4         0.0.0.0/0            reject-with icmp-port-unreachable

Now, to unban the IP:

$ sudo fail2ban-client set sshd unbanip 1.2.3.4
1.2.3.4