Feb
2014
Unblock IP from Fail2Ban
Fail2Ban is an intrusion prevention framework written in the Python. It ban IP’s that makes too many failed attempts or performs any other unwanted action within a time frame defined, using iptables, thus helping the system admin to prevent attacks.
Though its very helpful, in an office network that has only one public IP and multiple users accessing the same server, there are chances that IP’s gets blocked more frequently. For Eg, let the setting be like 3 failed attempts on ssh port in 60 mins will block the IP for 2 hours. If 5 systems in a network access the server and any 3 of them makes one failed attempt, the IP gets blocked.
Once you have access to the system, the following command will output the iptables list.
iptables -L -n
Based on the blocks you have in place, the output will have multiple sections. Considering the ssh block for example, it will look like below:
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- 117.41.**.89 0.0.0.0/0
DROP all -- 222.186.**.32 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
To remove an IP from the block list type the following:
iptables -D fail2ban-ssh -s IP -j DROP
Replace IP with the one you want to unblock and “fail2ban-ssh” corresponds to the section from which you want to unblock the IP.