Fail2ban usage

From wikinotes
Revision as of 03:09, 3 May 2020 by Will


This page is a mess. fail2ban changed some things between 0.7 and 0.8 - I ran out of weekend while rewriting.

fail2ban-client reload sshd  # reload, when you change filter settings

Testing Settings

# fail2ban-regex  <log>  <filter>
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

View/Manage Banned IPs

There are two stages to managing banned IPs. First, use fail2ban-client to check what fail2ban thinks is currently banned. Second, check your actual firewall to confirm that the IPs are banned.


fail2ban-client is the intended interface for performing bans, removing bans, and otherwise managing your fail2ban service.


Tired of always retyping fail2ban-client? Use fail2ban-client -i to start its interactive mode, where you type just the commands.

fail2ban-client status             # list all jails
fail2ban-client status <jail>      # list your jail's status, and the ips it has currently banned.

# ban/unban ip
fail2ban-client set <jail> banip   <ip-addr>
fail2ban-client set <jail> unbanip <ip-addr>

fail2ban-client get <jail> banip  # ? list banned?
fail2ban-client unban --all       # force unban all

firewall: iptables

firewall: pf

# Check up on banned IPs:
cat /var/log/fail2ban.log

# manage banned ips
pfctl -t fail2ban -T show                     #show banned
pfctl -t fail2ban -T add x.x.x.x              #ban ip
pfctl -t fail2ban -T delete x.x.x.x           #unban ip
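
The two-stage check described above (fail2ban's view versus the firewall's) can be scripted so that disagreements stand out. This is an added example, not part of the original notes: the function names are hypothetical, the sample outputs are constructed, and it assumes the pf table is named fail2ban as in the commands above.

```shell
#!/bin/sh
# Added example: diff fail2ban's ban list against the pf table contents.
# Function names are hypothetical; the sample data below is constructed.

# Banned IPs, one per line, from `fail2ban-client status <jail>` text on stdin.
f2b_banned() {
    awk -F'Banned IP list:' 'NF > 1 {
        n = split($2, ip, " "); for (i = 1; i <= n; i++) print ip[i]
    }' | LC_ALL=C sort -u
}

# Addresses, one per line, from `pfctl -t <table> -T show` text on stdin.
pf_banned() {
    awk 'NF { print $1 }' | LC_ALL=C sort -u
}

# ban_drift <status-text> <pf-table-text>: print every disagreement.
ban_drift() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$1" | f2b_banned > "$tmp/f2b"
    printf '%s\n' "$2" | pf_banned  > "$tmp/pf"
    # In fail2ban but not in pf: the ban is recorded but not enforced.
    LC_ALL=C comm -23 "$tmp/f2b" "$tmp/pf" | sed 's/^/missing-from-pf /'
    # In pf but not in fail2ban: added by hand, or left over from an old ban.
    LC_ALL=C comm -13 "$tmp/f2b" "$tmp/pf" | sed 's/^/only-in-pf /'
    rm -rf "$tmp"
}

# Constructed sample outputs (documentation address ranges).
SAMPLE_F2B='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     12
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     3
   `- Banned IP list:   192.0.2.10 198.51.100.7'
SAMPLE_PF='   192.0.2.10
   203.0.113.5'

ban_drift "$SAMPLE_F2B" "$SAMPLE_PF"

# Live use (as root):
#   ban_drift "$(fail2ban-client status sshd)" "$(pfctl -t fail2ban -T show)"
```

Empty output means both lists agree; any `missing-from-pf` line is an address fail2ban believes is banned that the firewall is still letting through.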