There are a lot of reasons why someone want to know the jail that banned an IP address, but I do not find a fail2ban-client
command to tell me this. There should be a get
command that doesn't require <JAIL>
, but instead outputs it.
I am aware that starting with version v0.10.2 I can unban an IP with:
fail2ban-client unban 192.0.2.138
My Question is not how to unban the IP. I ask how can I find out the jail that banned the IP.
The
fail2ban-client status JAIL
command shows a list of IP addresses currently banned by that jail, but it's a bit laborous to go through every jail like that, and it also won't show you IP addresses that are already released from the jail.The best way to gather the knowledge you need is to search for the IP address from the Fail2Ban logs:
This will not only show which jail banned the IP but also why – with all the timestamps you can use to find the corresponding events from the logs Fail2Ban is monitoring.
Newer versions (0.10.6/0.11.2) of fail2ban can handle this using
fail2ban-client banned <IP>
, see RFE 2725.This would return list of jails where given IP is currently banned.