Cannot unban IP

[vsespb]

Fail2Ban 0.8.6 Ubuntu 12.04

Cannot get it to unban single IP

# fail2ban-client status
Status
|- Number of jail:  2
`- Jail list:       ssh, nginx-naxsi

# fail2ban-client -vvv get nginx-naxsi  actionunban 10.0.2.2
DEBUG  Reading /etc/fail2ban/fail2ban
DEBUG  Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG  NOK: ()
DEBUG  Beautify (error) KeyError() with ['get', 'nginx-naxsi', 'actionunban', '10.0.2.2']

[kwirk]

@vsespb I think the command you are after is:

fail2ban-client set nginx-naxsi unbanip 10.0.2.2

[vsespb]

that's version 0.8.6, as I mentioned.

fail2ban-client set nginx-naxsi unbanip 10.0.2.2
Invalid command (no set action or not yet implemented)

[kwirk]

@vsespb Ah... I suspect you are unable to unban with fail2ban 0.8.6. The actionunban command is used to set/get the command which would be execute when unbanning. You could always add the address to the ignoreip for the jail if applicable, or you will have to manually change your firewall, deleting the rule for the IP in question.

[yarikoptic]

thank you @kwirk for the clarifications

as for unbanip -- it is provided since 0.8.8

   * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
     the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86

Thus closing this report

[yarikoptic]

@vsespb on http://www.fail2ban.org/wiki/index.php/Downloads I have added a reference to NeuroDebian as the resource of backport builds of fail2ban, if you decide to try 0.8.8

Cheers

[vsespb]

Ok. Thanks! Backborts is great idea..

seems I googled for several places where actionunban is advised as way to unban ip

http://www.howtoforge.com/forums/showthread.php?t=51366
http://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

now I understand those were simply wrong advices.

[yarikoptic]

On Thu, 07 Mar 2013, Victor Efimov wrote:

seems I googled for several places where actionunban is advised as way to
unban ip

[1]http://www.howtoforge.com/forums/showthread.php?t=51366
[2]http://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

oh yeah -- people are inventive and at times side-effects of incorrect
functioning might even suggest that the desired effects are achieved.
if only they RTFM ;-)

now I understand those were simply wrong advices.

good ;-)

Yaroslav O. Halchenko
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

[bubluy]

Sorry to bring up an old thread. I was curious what would be the best way to unban on fail2ban 0.8.6, if we don't want to install backports?

[grooverdan]

@bubluy you can manually remove the stuff using whatever the unban action is manually. Please use the mailing list for support.

[aseques]

Since the people (as me) are still coming for this question, this is the workaround we are using for the recidive plugin

IP=123.123.123.123
cat /var/log/fail2ban.log | grep -v $IP > /tmp/fail2ban.tmp
cp /tmp/fail2ban.tmp /var/log/fail2ban.log
iptables -D  fail2ban-recidive -s $IP -j DROP

[cjella]

As they have already explained, in old versions of fail2ban it is complicated (not impossible) to unban an IP, looking for solutions I came here and I want to leave this for those who have a problem like this: Solution
Run as sudo or root: iptables -nvL will appear something like the following:
cjm# iptables -nvL
Chain INPUT (policy ACCEPT 1360K packets, 1009M bytes)
pkts bytes target prot opt in out source destination
25878 3218K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 2022
25826 3215K fail2ban-ssh-ddos tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 2022

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1043K packets, 1308M bytes)
pkts bytes target prot opt in out source destination

Chain fail2ban-ssh (1 references)
pkts bytes target prot opt in out source destination
36 2160 DROP all -- * * 200.134.103.100 0.0.0.0/0
0 0 DROP all -- * * 45.146.165.72 0.0.0.0/0
3 152 DROP all -- * * 45.135.232.165 0.0.0.0/0
13 748 DROP all -- * * 218.31.39.157 0.0.0.0/0
25826 3215K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh-ddos (1 references)
pkts bytes target prot opt in out source destination
25826 3215K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
We want to unban the IP ** 200.134.103.100 ** that is in the fail2ban ssh cage, so we count the lines, in this case it is line 1 that contains the IP that we want to unban. For this we execute the following command:
cjm# iptables -D fail2ban-ssh 1
Remember that number 1 is the line where the IP to unban is.

Sorry my bad english