How to whitelist an IP in Fail2ban on Debian Linux

Fail2Ban is used to protect servers against brute force attacks. Fail2ban uses iptables to block attackers, so, if we want to add permanent IP address and never be blocked, we must add it in the config file.

First, edit the config file :

vi /etc/fail2ban/jail.conf

Then, check the line :

ignoreip =

Add now add all IP you want. Each IP or range IP must be separated here with a whitespace. Ex:


ignoreip =

The line should be added in the [DEFAULT] section of the file.

Save the file and restart Fail2Ban:

service fail2ban restart

That's all.

Share this page:

Suggested articles

6 Comment(s)

Add comment


By: Vitaliy at: 2015-09-25 14:38:46

Thank you! It is exactly what I am looking for.

By: Jarkko Linnanvirta at: 2016-03-15 10:52:34


it does not work for me. Is there a way I can see the current active configuration?

By: datta at: 2017-02-20 14:10:18


Can we add this whitelisted IP in file or any database ???

By: Suresh Kumar at: 2017-12-19 11:19:58

It's not working for me any other suggestion please. I have added static IP address but not work for me.

By: Suresh Kumar at: 2017-12-19 11:22:04

 I have added my static IP addresses but not work for me.

By: till at: 2018-09-03 13:42:31

The ignoreip setting works fine for me in Debian 9. Maybe you added the IP in the wrong section, it needs to be added in the [DEFAULT] section of the file. Ensure that you removed the # in front of the existing ignoreip line in case that you reuse it. Or maybe your jail.conf is overridden by a jail.conf.local file where ignoreip is set to a different value.