Fail2ban and Denyhosts

From Klaus' wiki
Jump to: navigation, search

If you are using fail2ban to protect your computer against intruders and you accidentally bans one of your own IP addresses while experimenting with a setup use these commands to get the banned IP out of the ban again: 

$] fail2ban-client status 
$] fail2ban-client set <jail listed by the above command, e.g. sshd> unbanip <the banned IP address>

Sometimes the IP address remains in the IPtables. Find it using these commands: 

$] iptables -L --line-numbers|less

look for your IP address and note the filter, e.g. INPUT, and the line number.

Remove it from IPtables using this command: 

$] iptables -D <the chain to delete from, e.g. INPUT> <the line number found above>

If you also use denyhosts to keep intruders out of your box and the IP address is in /etc/hosts.deny edit all the files in /var/lib/denyhosts/* and remove the denied IP addresse as well as /etc/hosts.deny - but after you have stopped denyhosts using 

$] systemmctl stop denyhosts.service.

Remember to restart after editing.

Retrieved from ‘http://klaus.ede.ase.au.dk/index.php?title=Fail2ban_and_Denyhosts&oldid=2247