How to unban an IP with fail2ban
Fail2Ban is great, but sometimes it bans the wrong host.
Here's how to unban an IP banned by Fail2Ban.
Log in to the server as root.
List the banned IPs with the command:
> iptables -L
You'll get something like:
    ...
    Chain fail2ban-apache-botseeker-adf (1 references)
    target  prot opt source                                               destination
    DROP    all  --  APoitiers-551-1-48-250.w92-146.abo.wanadoo.fr        anywhere
    DROP    all  --  ip-83-134-25-126.dsl.scarlet.be                      anywhere
    DROP    all  --  ADijon-154-1-14-132.w90-33.abo.wanadoo.fr            anywhere
    DROP    all  --  cnv94-6-88-185-61-237.fbx.proxad.net                 anywhere
    DROP    all  --  mau78-1-88-184-109-30.fbx.proxad.net                 anywhere
    DROP    all  --  APlessis-Bouchard-154-1-33-207.w90-3.abo.wanadoo.fr  anywhere
    DROP    all  --  crawl-66-249-68-133.googlebot.com                    anywhere
    DROP    all  --  ABordeaux-257-1-85-192.w90-50.abo.wanadoo.fr         anywhere
    DROP    all  --  18.104.22.168.rev.sfr.net                            anywhere
    DROP    all  --  ANancy-256-1-30-55.w90-26.abo.wanadoo.fr             anywhere
    DROP    all  --  AAnnecy-158-1-62-25.w90-48.abo.wanadoo.fr            anywhere
    DROP    all  --  ALagny-152-1-28-44.w83-112.abo.wanadoo.fr            anywhere
    DROP    all  --  pub30-175.mobius.fr                                  anywhere
    DROP    all  --  APuteaux-651-1-273-223.w90-44.abo.wanadoo.fr         anywhere
    DROP    all  --  81-67-122-188.rev.numericable.fr                     anywhere
    DROP    all  --  22.214.171.124.rev.sfr.net                           anywhere
    DROP    all  --  126.96.36.199.rev.sfr.net                            anywhere
    DROP    all  --  crawl-66-249-71-209.googlebot.com                    anywhere
    RETURN  all  --  anywhere                                             anywhere
    ...
We can see on the penultimate line that Fail2Ban banned Google's crawler, no less. I don't know about you, but it's not a target I was planning to ban.
Count the banned IP lines from the top of the chain down to the one you want to unban. Here, it is the 18th line.
Then run the short command below, replacing "fail2ban-apache-botseeker-adf" with the name of the filter that banned the IP and "18" with the corresponding line number.
> iptables -D fail2ban-apache-botseeker-adf 18
Run the first command again to verify that the IP is no longer in the list of banned addresses.
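Counting lines by hand is error-prone, and `iptables -L` without `-n` shows reverse-DNS names instead of addresses. The shell functions below are an added example, not part of the original post: they find the rule number by exact address match in `iptables -n --line-numbers -L` output and delete that rule. The function names and the sample listing (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate a banned address by exact match, then delete its rule.

# Reads `iptables -n --line-numbers -L <chain>` output on stdin and prints the
# number of the DROP rule whose source is exactly $1.
# Exits non-zero when no such rule exists.
rule_number_for() {
    awk -v ip="$1" '
        $1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == ip { print $1; found = 1; exit }
        END { exit !found }
    '
}

# unban_ip <chain> <ip>: look up the rule number in the live chain and delete it.
# Must run as root. Refuses to delete anything if the address is not listed.
unban_ip() {
    chain=$1
    ip=$2
    num=$(iptables -n --line-numbers -L "$chain" | rule_number_for "$ip") || {
        echo "no DROP rule for $ip in chain $chain" >&2
        return 1
    }
    iptables -D "$chain" "$num"
}

# Constructed sample listing (not real output). 192.0.2.1 is a prefix of
# 192.0.2.10, which is why the lookup compares the whole source field
# instead of using a substring match.
SAMPLE_LISTING='Chain fail2ban-apache-botseeker-adf (1 references)
num  target     prot opt source               destination
1    DROP       all  --  192.0.2.10           0.0.0.0/0
2    DROP       all  --  198.51.100.7         0.0.0.0/0
3    DROP       all  --  192.0.2.1            0.0.0.0/0
4    RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Offline demonstration on the sample: prints the rule number for 192.0.2.1.
printf '%s\n' "$SAMPLE_LISTING" | rule_number_for 192.0.2.1
```

On the server, call `unban_ip fail2ban-apache-botseeker-adf <address>` as root. Where the installed Fail2Ban provides it, `fail2ban-client set <jail> unbanip <address>` lifts the ban through Fail2Ban itself, which also keeps its own ban list consistent with the firewall.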
If, like me, you have implemented a ban strategy based on Apache error logs to keep robots out, consider monitoring Fail2Ban with a tool like Munin or Cacti and checking from time to time who you have banned.