Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot unban IP #132

Closed
vsespb opened this issue Mar 7, 2013 · 11 comments
Closed

Cannot unban IP #132

vsespb opened this issue Mar 7, 2013 · 11 comments

Comments

@vsespb
Copy link

@vsespb vsespb commented Mar 7, 2013

Fail2Ban 0.8.6 Ubuntu 12.04

Cannot get it to unban single IP

# fail2ban-client status
Status
|- Number of jail:  2
`- Jail list:       ssh, nginx-naxsi
# fail2ban-client -vvv get nginx-naxsi  actionunban 10.0.2.2
DEBUG  Reading /etc/fail2ban/fail2ban
DEBUG  Reading files: ['/etc/fail2ban/fail2ban.conf', '/etc/fail2ban/fail2ban.local']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
DEBUG  NOK: ()
DEBUG  Beautify (error) KeyError() with ['get', 'nginx-naxsi', 'actionunban', '10.0.2.2']
@kwirk
Copy link
Contributor

@kwirk kwirk commented Mar 7, 2013

@vsespb I think the command you are after is:

fail2ban-client set nginx-naxsi unbanip 10.0.2.2
@vsespb
Copy link
Author

@vsespb vsespb commented Mar 7, 2013

that's version 0.8.6, as I mentioned.

fail2ban-client set nginx-naxsi unbanip 10.0.2.2
Invalid command (no set action or not yet implemented)
@kwirk
Copy link
Contributor

@kwirk kwirk commented Mar 7, 2013

@vsespb Ah... I suspect you are unable to unban with fail2ban 0.8.6. The actionunban command is used to set/get the command which would be execute when unbanning. You could always add the address to the ignoreip for the jail if applicable, or you will have to manually change your firewall, deleting the rule for the IP in question.

@yarikoptic
Copy link
Member

@yarikoptic yarikoptic commented Mar 7, 2013

thank you @kwirk for the clarifications

as for unbanip -- it is provided since 0.8.8

   * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
     the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86

Thus closing this report

@yarikoptic yarikoptic closed this Mar 7, 2013
@yarikoptic
Copy link
Member

@yarikoptic yarikoptic commented Mar 7, 2013

@vsespb on http://www.fail2ban.org/wiki/index.php/Downloads I have added a reference to NeuroDebian as the resource of backport builds of fail2ban, if you decide to try 0.8.8

Cheers

@vsespb
Copy link
Author

@vsespb vsespb commented Mar 7, 2013

Ok. Thanks! Backborts is great idea..

seems I googled for several places where actionunban is advised as way to unban ip

http://www.howtoforge.com/forums/showthread.php?t=51366
http://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

now I understand those were simply wrong advices.

@yarikoptic
Copy link
Member

@yarikoptic yarikoptic commented Mar 7, 2013

On Thu, 07 Mar 2013, Victor Efimov wrote:

seems I googled for several places where actionunban is advised as way to
unban ip

[1]http://www.howtoforge.com/forums/showthread.php?t=51366
[2]http://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

oh yeah -- people are inventive and at times side-effects of incorrect
functioning might even suggest that the desired effects are achieved.
if only they RTFM ;-)

now I understand those were simply wrong advices.

good ;-)

Yaroslav O. Halchenko
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

@bubluy
Copy link

@bubluy bubluy commented Jul 24, 2013

Sorry to bring up an old thread. I was curious what would be the best way to unban on fail2ban 0.8.6, if we don't want to install backports?

@grooverdan
Copy link
Contributor

@grooverdan grooverdan commented Jul 24, 2013

@bubluy you can manually remove the stuff using whatever the unban action is manually. Please use the mailing list for support.

@aseques
Copy link
Contributor

@aseques aseques commented Apr 22, 2014

Since the people (as me) are still coming for this question, this is the workaround we are using for the recidive plugin

IP=123.123.123.123
cat /var/log/fail2ban.log | grep -v $IP > /tmp/fail2ban.tmp
cp /tmp/fail2ban.tmp /var/log/fail2ban.log
iptables -D  fail2ban-recidive -s $IP -j DROP
@cjella
Copy link

@cjella cjella commented Mar 27, 2021

As they have already explained, in old versions of fail2ban it is complicated (not impossible) to unban an IP, looking for solutions I came here and I want to leave this for those who have a problem like this: Solution
Run as sudo or root: iptables -nvL will appear something like the following:
cjm# iptables -nvL
Chain INPUT (policy ACCEPT 1360K packets, 1009M bytes)
pkts bytes target prot opt in out source destination
25878 3218K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 2022
25826 3215K fail2ban-ssh-ddos tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 2022

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1043K packets, 1308M bytes)
pkts bytes target prot opt in out source destination

Chain fail2ban-ssh (1 references)
pkts bytes target prot opt in out source destination
36 2160 DROP all -- * * 200.134.103.100 0.0.0.0/0
0 0 DROP all -- * * 45.146.165.72 0.0.0.0/0
3 152 DROP all -- * * 45.135.232.165 0.0.0.0/0
13 748 DROP all -- * * 218.31.39.157 0.0.0.0/0
25826 3215K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh-ddos (1 references)
pkts bytes target prot opt in out source destination
25826 3215K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
We want to unban the IP ** 200.134.103.100 ** that is in the fail2ban ssh cage, so we count the lines, in this case it is line 1 that contains the IP that we want to unban. For this we execute the following command:
cjm# iptables -D fail2ban-ssh 1
Remember that number 1 is the line where the IP to unban is.

Sorry my bad english

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants