How to whitelist an IP in Fail2ban on Debian Linux

Fail2Ban is used to protect servers against brute force attacks. Fail2ban uses iptables to block attackers, so, if we want to add permanent IP address and never be blocked, we must add it in the config file.

First, edit the config file :

vi /etc/fail2ban/jail.conf

Then, check the line :

ignoreip =

Add now add all IP you want. Each IP or range IP must be separated here with a whitespace. Ex:


ignoreip =

The line should be added in the [DEFAULT] section of the file.

Save the file and restart Fail2Ban:

service fail2ban restart

That's all.

Share this page:

Suggested articles

7 Comment(s)

Add comment


By: Vitaliy

Thank you! It is exactly what I am looking for.

By: Jarkko Linnanvirta


it does not work for me. Is there a way I can see the current active configuration?

By: datta


Can we add this whitelisted IP in file or any database ???

By: Suresh Kumar

It's not working for me any other suggestion please. I have added static IP address but not work for me.

By: Suresh Kumar

 I have added my static IP addresses but not work for me.

By: till

The ignoreip setting works fine for me in Debian 9. Maybe you added the IP in the wrong section, it needs to be added in the [DEFAULT] section of the file. Ensure that you removed the # in front of the existing ignoreip line in case that you reuse it. Or maybe your jail.conf is overridden by a jail.conf.local file where ignoreip is set to a different value.

By: TonyG

I believe this should be updated to reference jail.local.