Fail2ban usage
From wikinotes
TODO:
This page is a mess. fail2ban changed some things between 0.7 and 0.8 - I ran out of weekend while rewriting.
fail2ban-client reload sshd # reload, when you change filter settings
Testing Settings
# fail2ban-regex <log> <filter>
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
View/Manage Banned IPs
There are two stages to managing banned IPs. First, use fail2ban-client to check what fail2ban thinks is currently banned. Second, check your actual firewall to confirm that the IPs are banned.
fail2ban-client
This is the intended interface for performing bans, removing bans, and otherwise managing your fail2ban service.
NOTE:
Tired of always retyping fail2ban-client? Use fail2ban-client -i to run the fail2ban interpreter. Then you can type just the commands.
fail2ban-client status                       # list all jails
fail2ban-client status <jail>                # list your jail's status, and the ips it has currently banned.
# ban/unban ip
fail2ban-client set <jail> banip <ip-addr>
fail2ban-client set <jail> unbanip <ip-addr>
fail2ban-client get <jail> banip             # ? list banned?
fail2ban-client unban --all                  # force unban all
firewall: iptables
firewall: pf
# Check up on banned IPs:
cat /var/log/fail2ban.log
# manage banned ips
pfctl -t fail2ban -T show              # show banned
pfctl -t fail2ban -T add x.x.x.x       # ban ip
pfctl -t fail2ban -T delete x.x.x.x    # unban ip
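The two-stage check from "View/Manage Banned IPs" (what fail2ban thinks is banned versus what pf actually holds) can be scripted. This is an added example, not part of the original notes; it assumes the jail status output carries its addresses on an "IP list:" line and that the pf table is named fail2ban as above. The function names and sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: report drift between fail2ban's ban list and the pf table.
LC_ALL=C; export LC_ALL   # identical collation for sort and comm

# Banned IPs, one per line, from `fail2ban-client status <jail>` text on stdin.
# Assumes the list is on a line ending in "IP list: <addr> <addr> ...".
f2b_banned() {
    sed -n 's/.*IP list:[[:space:]]*//p' | tr -s '[:space:]' '\n' |
        sed '/^$/d' | sort -u
}

# Addresses from `pfctl -t fail2ban -T show` text on stdin (indented lines).
pf_banned() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d' | sort -u
}

# ban_drift <fail2ban status text> <pf table text>
# Prints MISSING_IN_PF for bans fail2ban reports but pf lacks (not enforced),
# and ONLY_IN_PF for table entries fail2ban does not know about.
ban_drift() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$1" | f2b_banned > "$tmp/f2b"
    printf '%s\n' "$2" | pf_banned  > "$tmp/pf"
    comm -23 "$tmp/f2b" "$tmp/pf" | sed 's/^/MISSING_IN_PF /'
    comm -13 "$tmp/f2b" "$tmp/pf" | sed 's/^/ONLY_IN_PF /'
    rm -rf "$tmp"
}

# Constructed sample input (documentation address ranges), not real output.
SAMPLE_F2B='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  `- Total failed:     5
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   192.0.2.10 198.51.100.7'
SAMPLE_PF='   192.0.2.10
   203.0.113.5'

ban_drift "$SAMPLE_F2B" "$SAMPLE_PF"
# Live use, as root:
# ban_drift "$(fail2ban-client status sshd)" "$(pfctl -t fail2ban -T show)"
```

A MISSING_IN_PF line is the case to investigate first: fail2ban believes the address is banned, but the firewall is not blocking it.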