Fail2ban and Denyhosts

From Klaus' wiki
Revision as of 12:35, 26 November 2018 by Klaus (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

If you are using fail2ban to protect your computer against intruders and you accidentally bans one of your own IP addresses while experimenting with a setup use these commands to get the banned IP out of the ban again:

$] fail2ban-client status 
$] fail2ban-client set <jail listed by the above command, e.g. sshd> unbanip <the banned IP address>

Sometimes the IP address remains in the IPtables. Find it using these commands:

$] iptables -L --line-numbers|less

look for your IP address and note the filter, e.g. INPUT, and the line number.

Remove it from IPtables using this command:

$] iptables -D <the chain to delete from, e.g. INPUT> <the line number found above>

If you also use denyhosts to keep intruders out of your box and the IP address is in /etc/hosts.deny edit all the files in /var/lib/denyhosts/* and remove the denied IP addresse as well as /etc/hosts.deny - but after you have stopped denyhosts using

$] systemmctl stop denyhosts.service.

Remember to restart after editing.