Skip to content

Troubleshooting

sebres edited this page Aug 22, 2017 · 4 revisions

Please read proper fail2ban configuration carefully before and follow the instructions there.
Many issues are configuration-related and can be relative easy rectified by the adjustment of the configuration.


[Q] I messed up Fail2Ban during Testing and blocked out my own IP address, how do I completely reset Fail2Ban to get it off to a clean start?
[A] In newer versions of Fail2Ban you can simply run the command
?sudo? fail2ban-client unban <IP> ... <IP>
Which will remove all entries for that IP from your firewall system (using banning actions) and from fail2ban database file fail2ban.sqlite3 for all jails.
But fail2ban still holds the offsets of already processed log-lines in the database (so this entries will be bypassed if fail2ban should be restarted later).

[A] Up to version 0.10 you can do it only per jail:
?sudo? fail2ban-client set <JAIL> unbanip <IP>

[A] To reset fail2ban completely and start off fresh (not to be recommended)
Should you ever want to completely clear and reset the Fail2Ban log file and SQLite database for whatever reason you can do the following:

  • Stop Fail2Ban
    ?sudo? service fail2ban stop
  • Empty the Fail2Ban LogFile
    ?sudo? truncate -s 0 /var/log/fail2ban.log
  • Delete the Fail2Ban SQLite Database File
    ?sudo? rm /var/lib/fail2ban/fail2ban.sqlite3
  • Restart Fail2Ban
    ?sudo? service fail2ban restart

If you delete fail2ban database, also consider deleting any of your Apache, Nginx or Auth log files or just the entries that may contain your own IP address used during testing, as once Fail2Ban starts again, depending on your jail settings, it will just block you again.


[Q] Fail2Ban will not start and is giving me the following error message "Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details." but checking those does not help me trace where my error is.
[A] First take a look in journal log of fail2ban.service by running
journalctl -ru fail2ban

Your fail2ban.log file in /var/log/fail2ban.log is also a very good place to keep a check for errors.

If you find and fix your error then reload fail2ban using:

  • Reload (works only since 0.10):
    ?sudo? service fail2ban reload
  • Or more aggressive (using restart).
    ?sudo? service fail2ban restart
    Please note: all banned IPs will be unbanned and banned again after restart.

For Heavy Debugging Users
You can run the Fail2Ban-Client in a very verbose mode using the following commands which will show you all output when Fail2Ban is loading, this is also a useful method for tracing errors in jails, filters and actions.

Stop the Failban Server by running
?sudo? service fail2ban stop

Make sure the Fail2Ban client is also not running by running the following
?sudo? fail2ban-client -vvv -x stop

Then start the Fail2Ban client in verbose mode as follows
?sudo? fail2ban-client -vvv -x start

This will show you exactly in which jail, filter or action your error lies. Once you can start the fail2ban-client successfully using ?sudo? fail2ban-client -vvv -x start

Then stop it again using
?sudo? fail2ban-client -vvv -x stop

and then start the Fail2Ban Server
?sudo? service fail2ban restart

You can’t perform that action at this time.