Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th February 2011, 16:09
drewb0y drewb0y is offline
Senior Member
 
Join Date: Sep 2010
Posts: 103
Thanks: 10
Thanked 14 Times in 7 Posts
Post How to manually unban ip blocked by fail2ban

I ran into an issue today where my office router somehow got blocked by fail2ban. I searched high and low to find an answer to unblock it so I did not have to wait for the ban to expire.

Here is what I found:

when I executed
Code:
iptables -L
I saw that my IP was in the jail named postfix-spamers550

to remove it I executed the following command

Code:
fail2ban-client get postfix-spamers550 actionunban 111.222.333.444
Success
__________________
ISPConfig 3.0.5.4p1 - The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
Installed on Debian 7.6 on a KVM VPS
Reply With Quote
The Following 3 Users Say Thank You to drewb0y For This Useful Post:
falko (11th February 2011), mveplus (15th February 2011), Nilpo (9th December 2013)
Sponsored Links
  #2  
Old 6th April 2012, 00:10
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 392
Thanks: 29
Thanked 58 Times in 50 Posts
Default

I am trying to do the same (manually un-ban a single IP address), but when I issue the command you cited, I receive the following in fail2ban's log:

Code:
fail2ban-client get sasl actionunban XXX.XXX.XXX.XXX
Code:
2012-04-05 14:50:48,671 fail2ban.comm   : WARNING Invalid command: ['get', 'sasl', 'actionunban', 'XXX.XXX.XXX.XXX']
(Note: the XXXs represent an actual IP address)

To make matters more confusing, according to the fail2ban Wiki ( http://www.fail2ban.org/wiki/index.php/Features ), manual actions, including un-banning, are not possible in version 0.8 (these features are on the road-map for 0.9):

Quote:
Manual control of ban list (ban, unban, reset). You currently have to restart the daemon to unban.
Yet, the "fail2ban-client --help" output corroborates the availability of this command:

Quote:
get <JAIL> actionunban <ACT> gets the unban command for the
action <ACT> for <JAIL>
I am using fail2ban 0.8.6.

I know the jail name ("sasl") is correct, because the client throws a different error (e.g., "Sorry but the jail 'fail2ban-sasl' does not exist") when the jail name is incorrect.

Am I missing the "unban" action in fail2ban's "action.d" directory? If so, from where did you acquire that file? And do you mind sharing it?

Any thoughts? Thanks in advance.

Last edited by cbj4074; 6th April 2012 at 00:23. Reason: Added actual command that I am issuing.
Reply With Quote
  #3  
Old 8th April 2012, 23:34
ehansen ehansen is offline
Junior Member
 
Join Date: Apr 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by drewb0y View Post
I ran into an issue today where my office router somehow got blocked by fail2ban. I searched high and low to find an answer to unblock it so I did not have to wait for the ban to expire.

Here is what I found:

when I executed
Code:
iptables -L
I saw that my IP was in the jail named postfix-spamers550

to remove it I executed the following command

Code:
fail2ban-client get postfix-spamers550 actionunban 111.222.333.444
Success
Another option, though may not be for the best, is:
Code:
iptables -D <chain> <chain number>
The information can be found by running this: iptables -L --line-numbers
Reply With Quote
  #4  
Old 9th April 2012, 17:47
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 392
Thanks: 29
Thanked 58 Times in 50 Posts
Default

Thank you for the reply, ehansen.

My concern with that approach is that fail2ban will attempt to restore iptables rules whenever it is restarted.

In other words, if I were to remove the banned IP address directly, and then fail2ban had to be restarted for any reason, the IP address would again be added to the blacklist.
Reply With Quote
  #5  
Old 9th April 2012, 17:49
ehansen ehansen is offline
Junior Member
 
Join Date: Apr 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

fail2ban doesn't start/stop the firewall as far as I know. Even if it did, however, as long as the firewall rules are saved (iptables-save) before a shutdown the restore will just load up the most recent saved rules.
Reply With Quote
  #6  
Old 9th April 2012, 17:56
cbj4074 cbj4074 is offline
Senior Member
 
Join Date: Nov 2010
Posts: 392
Thanks: 29
Thanked 58 Times in 50 Posts
Default

Right; I don't think that fail2ban starts or stops the firewall either.

But as far as I know, fail2ban does re-parse logs when it is started, and adds any qualifying entries to the iptables rules (if not already present).

If this is, in fact, how fail2ban behaves, wouldn't it re-add the IP address in question as soon as fail2ban is restarted?
Reply With Quote
  #7  
Old 9th April 2012, 18:07
ehansen ehansen is offline
Junior Member
 
Join Date: Apr 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by cbj4074 View Post
Right; I don't think that fail2ban starts or stops the firewall either.

But as far as I know, fail2ban does re-parse logs when it is started, and adds any qualifying entries to the iptables rules (if not already present).

If this is, in fact, how fail2ban behaves, wouldn't it re-add the IP address in question as soon as fail2ban is restarted?
I wouldn't think so but I don't know the inner workings of fail2ban. I mean I've had my server restarted after fail2ban put in some IPs and seemed like only the rules themselves were loaded. Someone who is more familiar with how it works wil probably be able to better answer it though.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Fail2ban florix.net Installation/Configuration 4 26th January 2011 00:53
Fail2ban attacker Toucan General 2 5th October 2010 23:00
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
Fail2ban only ban on first time. ivomendonca Installation/Configuration 1 30th October 2009 18:48
Need help with fail2ban on centos 5.3 rlischer Installation/Configuration 3 14th August 2009 11:47


All times are GMT +2. The time now is 12:32.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.