Fail2ban usage

From wikinotes

TODO:

This page is a mess. fail2ban changed some things between 0.7 and 0.8 - I ran out of weekend while rewriting.


fail2ban-client reload sshd  # re-read the config for the sshd jail after changing its filter or jail settings; a plain "reload" reloads every jail


Testing Settings

# fail2ban-regex  <log>  <filter>     -- <log> may also be a single quoted log line instead of a file
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

View/Manage Banned IPs

There are two stages to managing banned IPs. First, use fail2ban-client to see what fail2ban believes is currently banned. Second, check the firewall itself to confirm those IPs are actually blocked: the two can disagree, for example when a firewall restart flushes the rules fail2ban inserted while fail2ban still reports the ban.

fail2ban-client

This is the intended interface for banning, unbanning, and otherwise managing the fail2ban service; bans added this way are tracked and expired by fail2ban, bans added directly in the firewall are not.

NOTE:

Tired of retyping fail2ban-client? Run fail2ban-client -i to start its interactive interpreter; there you type only the subcommands (status, set <jail> banip <ip-addr>, ...).

fail2ban-client status             # list all jails
fail2ban-client status <jail>      # status of one jail, including the IPs it currently bans

# ban/unban an ip
fail2ban-client set <jail> banip   <ip-addr>
fail2ban-client set <jail> unbanip <ip-addr>

fail2ban-client get <jail> banip  # list the IPs <jail> currently bans (fail2ban 0.10 and later)
fail2ban-client unban --all       # unban every ip in every jail (fail2ban 0.10 and later)

firewall: iptables

fail2ban puts its rules in a per-jail chain: f2b-<jail> on 0.9 and later, fail2ban-<jail> on 0.8.x. Inspect that chain, not only fail2ban-client, since a firewall restart can flush it while fail2ban still reports the ban.

firewall: pf

# Check fail2ban's own record of bans and unbans:
cat /var/log/fail2ban.log

# inspect the pf table directly (the table name must match the one your pf action creates; "fail2ban" is assumed here)
pfctl -t fail2ban -T show                     #show banned
pfctl -t fail2ban -T add x.x.x.x              #ban ip
pfctl -t fail2ban -T delete x.x.x.x           #unban ip
# adding or deleting with pfctl bypasses fail2ban: it will not see the change and will not expire the ban, so prefer fail2ban-client for manual bans
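
To make the two-stage check (fail2ban-client first, then the firewall) repeatable for either backend, here is a small added shell script; it is not part of these notes' original content nor code from the fail2ban project. It parses the output of fail2ban-client status <jail> and of either iptables -n -L f2b-<jail> or pfctl -t <table> -T show, and reports addresses fail2ban believes it has banned that the firewall is not actually blocking. The jail name sshd, the chain name f2b-sshd, the table name fail2ban and all the sample output embedded in it are constructed assumptions so that it runs offline; on a live host pipe the real commands through the same two parsing functions.

```shell
#!/bin/sh
# reconcile_bans.sh: compare what fail2ban reports as banned for a jail with
# what the firewall actually blocks. Added example for this page, not code from
# the fail2ban project. The jail name, chain/table names and all sample output
# below are assumptions, constructed so the script runs offline.
JAIL="sshd"

# Constructed sample of `fail2ban-client status sshd` output.
F2B_STATUS_SAMPLE='Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed:     57
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     9
   `- Banned IP list:   203.0.113.7 198.51.100.22'

# Constructed sample of `iptables -n -L f2b-sshd` output. One address is
# deliberately absent, as happens when a firewall restart flushes the chain
# while fail2ban still believes the ban is in place.
IPTABLES_SAMPLE='Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Constructed sample of `pfctl -t fail2ban -T show` output: one address per line.
PF_TABLE_SAMPLE='   203.0.113.7
   198.51.100.22'

# Stage 1: addresses fail2ban reports as banned (status output on stdin).
f2b_banned_ips() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr ' ' '\n' | sed '/^$/d'
}

# Stage 2: addresses the firewall actually blocks (backend output on stdin).
# iptables: source column of REJECT/DROP rules; pf: every non-empty line.
firewall_banned_ips() {
    case "$1" in
        iptables) awk '$1 == "REJECT" || $1 == "DROP" { print $4 }' ;;
        pf)       awk 'NF { print $1 }' ;;
        *)        echo "unknown backend: $1" >&2; return 1 ;;
    esac
}

# Print the addresses in list $1 that are absent from list $2
# (both newline separated), space separated on one line.
missing_in_firewall() {
    blocked=" $(printf '%s' "$2" | tr '\n' ' ') "
    missing=""
    for ip in $1; do
        case "$blocked" in
            *" $ip "*) ;;
            *) missing="${missing:+$missing }$ip" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Run the comparison against the constructed samples. On a live host feed
# `fail2ban-client status "$JAIL"` and `iptables -n -L f2b-$JAIL` (or
# `pfctl -t <table> -T show`) through the same two functions instead.
check_sample() {
    f2b=$(printf '%s\n' "$F2B_STATUS_SAMPLE" | f2b_banned_ips)
    case "$1" in
        iptables) fw=$(printf '%s\n' "$IPTABLES_SAMPLE" | firewall_banned_ips iptables) ;;
        pf)       fw=$(printf '%s\n' "$PF_TABLE_SAMPLE"  | firewall_banned_ips pf) ;;
    esac
    missing_in_firewall "$f2b" "$fw"
}

for backend in iptables pf; do
    gap=$(check_sample "$backend")
    if [ -n "$gap" ]; then
        echo "$backend: banned by fail2ban but not blocked by the firewall: $gap" >&2
    else
        echo "$backend: fail2ban and firewall agree" >&2
    fi
done
```

Run it as sh reconcile_bans.sh: the iptables sample is built with one address missing, so that backend reports a gap, while the pf sample agrees. When a gap turns up on a real host, re-issue the ban through fail2ban-client (unbanip, then banip) so that fail2ban's state and the firewall agree again, rather than adding the rule by hand.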