Ping a Specific Port

Question

John Magnolia

Asked: 2012-04-30 04:26:12 +0800 CST2012-04-30 04:26:12 +0800 CST 2012-04-30 04:26:12 +0800 CST

Fail2Ban unblock ipaddress

772

I am trying to unblock an IP address without restarting Fail2Ban each time, what is the best way of doing this? Or can you point me in the direction of a useful guide?

As you can see below the IP address I am trying to remove is: 89.31.259.161

# iptables -L -n

    Chain INPUT (policy DROP)
    target     prot opt source               destination
    fail2ban-apache-badbots  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 80,443
    fail2ban-httpd  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    fail2ban-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 25,465,143,220,993,110,995
    fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    fail2ban-httpd  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    fail2ban-httpd  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    fail2ban-vsftpd  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 80,443,25,465,110,995,143,993,587,465,21,20,2855
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:54000

    Chain FORWARD (policy DROP)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain fail2ban-SSH (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    Chain fail2ban-apache-badbots (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    Chain fail2ban-httpd (3 references)
    target     prot opt source               destination
    DROP       all  --  89.31.259.161        0.0.0.0/0
    DROP       all  --  89.31.259.161        0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-sasl (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-vsftpd (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

I was able to run: iptables -D fail2ban-httpd -s 89.31.259.161 -j DROP although this only deleted one of the lines.

2 Answers

Voted

user9517 · Answer 1 · 2012-04-30T04:35:19+08:00

Best Answer

user9517

2012-04-30T04:35:19+08:002012-04-30T04:35:19+08:00

Use the --line-numbers option to iptables to get a listing which shows the line numbers for the rules in a chain e.g.

iptables -L fail2ban-SSH -v -n --line-numbers
Chain fail2ban-SSH (1 references)
num   pkts bytes target     prot opt in     out   source              destination
1       19  2332 DROP       all  --  *      *     193.87.172.171      0.0.0.0/0
2       16  1704 DROP       all  --  *      *     222.58.151.68       0.0.0.0/0
3       15   980 DROP       all  --  *      *     218.108.224.81      0.0.0.0/0
4        6   360 DROP       all  --  *      *     91.196.170.231      0.0.0.0/0
5     8504  581K RETURN     all  --  *      *     0.0.0.0/0           0.0.0.0/0

Then use iptables -D chain rulenum to remove the ones you don't want e.g.

iptables -D fail2ban-SSH 1

would delete the

1       19  2332 DROP       all  --  *      *     193.87.172.171      0.0.0.0/0

line from the example above. Note that everything is renumbered so you can run the same command again to remove the new rule 1 in the chain.

17

Ndianabasi · Answer 2 · 2017-11-03T20:05:35+08:00

From my experience with Fail2ban, unbanning an IP address directly through IPTABLES will result in the IP being banned again by Fail2ban if the Fail2ban service is restarted within the Ban Time.

That being said, the most effective and clean way of unbanning an IP address banned by Fail2ban is using the fail2ban-client.

Step 1: Take note of the Jail Name by checking the Fail2ban log

sudo zgrep 'Ban' /var/log/fail2ban.log

Sample output:

2017-11-03 04:30:14,509 fail2ban.actions [25091]: NOTICE [nginx-badbots] Ban 47.15.15.49 2017-11-03 04:37:29,597 fail2ban.actions [27065]: NOTICE [nginx-badbots] Ban 103.31.87.187 2017-11-03 04:37:30,124 fail2ban.actions [27065]: NOTICE [nginx-badbots] Ban 201.33.170.251 2017-11-03 04:37:30,364 fail2ban.actions [27065]: NOTICE [nginx-badbots] Ban 47.15.15.49 2017-11-03 04:38:06,754 fail2ban.actions [27065]: NOTICE [vsftpd] Ban 128.20.12.68

If we are interested in unbanning the IP address - 128.20.12.68 - then the Jail name is vsftpd.

Step 2: Unban the IP address using fail2ban-client. The general format is:

sudo fail2ban-client set [JAIL] unbanip [xx.xx.xx.xx]

Now, run:

sudo fail2ban-client set vsftpd unbanip 128.20.12.68

Sample output:

128.20.12.68

Step 3: Confirm unban from Fail2ban log

sudo tail -f /var/log/fail2ban.log

Sample output:

2017-11-03 04:38:13,332 fail2ban.actions [27065]: NOTICE [vsftpd] Unban 128.20.12.68

Fail2Ban unblock ipaddress

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?