====== Fail2ban ======

Firstly I recommend to read the documentation (man fail2ban) and the comments in the configuration files.

Installation manual can be found on [[http://wiki.gentoo.org/wiki/Fail2ban | Gentoo Wiki]].

To view status of the Fail2ban server just put
<code bash | Jail Status>
$ fail2ban-client status
Status
|- Number of jail:      25
`- Jail list:           php-url-fopen, nginx-login, pure-ftpd, solid-pop3d, nginx-noscript, postfix-tcpwrapper, squid, nsd, nginx-proxy, nginx-auth, nginx-badbots, dovecot-auth, lighttpd-auth, recidive, ssh-iptables, sendmail-auth, ssh-ddos, lighttpd-fastcgi, ssh-blocklist, ejabberd-auth, perdition, dovecot, nginx-http-auth, sendmail-reject, named-refused-tcp
</code>

To view status of any jail put
<code bash | Jail Status>
$ fail2ban-client status ssh-ddos # or any jail name
Status for the jail: ssh-ddos
|- filter
|  |- File list:        /var/log/messages
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0
</code>

To view all current rules put
<code bash | All statuses/banned ips>
$ iptables -L -n
fail2ban-lighttpd-fastcgi  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
...
Chain fail2ban-nginx-noscript (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0 
</code>

To unban any IP from specific Jail until the next Fail2ban daemon restart:
<code bash | Unban IP from Jail>
iptables -D fail2ban-recidive -s 111.222.333.444 -j REJECT
</code>