How to unban an IP with fail2ban

Fail2Ban is great, but sometimes it bans the wrong address.
Here's how to unban an IP banned by Fail2Ban.

Log in to the server as root.
List the banned IPs with the command:

> iptables -L
 

You'll get something like:

...
Chain fail2ban-apache-botseeker-adf (1 references)
target     prot opt source               destination
DROP       all  --  APoitiers-551-1-48-250.w92-146.abo.wanadoo.fr  anywhere
DROP       all  --  ip-83-134-25-126.dsl.scarlet.be  anywhere
DROP       all  --  ADijon-154-1-14-132.w90-33.abo.wanadoo.fr  anywhere
DROP       all  --  cnv94-6-88-185-61-237.fbx.proxad.net  anywhere
DROP       all  --  mau78-1-88-184-109-30.fbx.proxad.net  anywhere
DROP       all  --  APlessis-Bouchard-154-1-33-207.w90-3.abo.wanadoo.fr  anywhere
DROP       all  --  crawl-66-249-68-133.googlebot.com  anywhere
DROP       all  --  ABordeaux-257-1-85-192.w90-50.abo.wanadoo.fr  anywhere
DROP       all  --  47.129.8.109.rev.sfr.net  anywhere
DROP       all  --  ANancy-256-1-30-55.w90-26.abo.wanadoo.fr  anywhere
DROP       all  --  AAnnecy-158-1-62-25.w90-48.abo.wanadoo.fr  anywhere
DROP       all  --  ALagny-152-1-28-44.w83-112.abo.wanadoo.fr  anywhere
DROP       all  --  pub30-175.mobius.fr  anywhere
DROP       all  --  APuteaux-651-1-273-223.w90-44.abo.wanadoo.fr  anywhere
DROP       all  --  81-67-122-188.rev.numericable.fr  anywhere
DROP       all  --  209.151.95.79.rev.sfr.net  anywhere
DROP       all  --  190.195.22.93.rev.sfr.net  anywhere
DROP       all  --  crawl-66-249-71-209.googlebot.com  anywhere
RETURN     all  --  anywhere             anywhere
...
 

We can see on the penultimate line that Fail2Ban banned Google's crawler, no less. I don't know about you, but it's not a target I was planning to ban.

Count the banned entries from the top of the chain down to the one you want to unban. Here it is the 18th line.
Then run one short command, replacing “fail2ban-apache-botseeker-adf” with the name of the chain (named after the filter that banned the IP) and “18” with the corresponding line number.

> iptables -D fail2ban-apache-botseeker-adf 18

Re-run the first command to verify that the IP is no longer in the list of banned addresses.
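Counting lines by hand gets error-prone on a long chain. The following is an added example, not part of the original post: it reads a listing produced with iptables' `-n --line-numbers` options and prints the matching `iptables -D` command. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find a banned address's rule number instead of counting.

# Constructed sample of `iptables -L <chain> -n --line-numbers` output
# (documentation-range addresses, not taken from the original page).
sample_listing() {
cat <<'EOF'
Chain fail2ban-apache-botseeker-adf (1 references)
num  target     prot opt source               destination
1    DROP       all  --  192.0.2.10           0.0.0.0/0
2    DROP       all  --  198.51.100.7         0.0.0.0/0
3    DROP       all  --  192.0.2.1            0.0.0.0/0
4    DROP       all  --  203.0.113.25         0.0.0.0/0
5    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# rule_number ADDRESS
# Reads a numbered listing on stdin and prints the number of the DROP rule
# whose source field is exactly ADDRESS. Exact field comparison matters:
# a substring match for 192.0.2.1 would also hit 192.0.2.10.
# Exits 1 and prints nothing when no rule matches.
rule_number() {
    awk -v ip="$1" '
        $2 == "DROP" && $5 == ip { print $1; found = 1; exit }
        END { exit !found }
    '
}

# unban_command CHAIN ADDRESS
# Reads the listing on stdin and prints the delete command for review;
# it does not run iptables itself.
unban_command() {
    n=$(rule_number "$2") || {
        echo "no DROP rule for $2 in chain $1" >&2
        return 1
    }
    printf 'iptables -D %s %s\n' "$1" "$n"
}

# Demo on the constructed sample. On a live server, pipe in instead:
#   iptables -L "$chain" -n --line-numbers | unban_command "$chain" "$ip"
sample_listing | unban_command fail2ban-apache-botseeker-adf 203.0.113.25
```

Rule numbers shift after each deletion, so list the chain again before removing a second address.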

If, like me, you have implemented a ban strategy based on Apache error logs to avoid robots, consider monitoring Fail2Ban with a tool like Munin or Cacti and checking from time to time who you have banned.