This is an old revision of the document!

Fail2ban

Firstly I recommend to read the documentation (man fail2ban) and Commentaries in the configuration files.

To view status of the Fail2ban server just put

Jail Status

$ fail2ban-client status
Status
|- Number of jail:      25
`- Jail list:           php-url-fopen, nginx-login, pure-ftpd, solid-pop3d, nginx-noscript, postfix-tcpwrapper, squid, nsd, nginx-proxy, nginx-auth, nginx-badbots, dovecot-auth, lighttpd-auth, recidive, ssh-iptables, sendmail-auth, ssh-ddos, lighttpd-fastcgi, ssh-blocklist, ejabberd-auth, perdition, dovecot, nginx-http-auth, sendmail-reject, named-refused-tcp

To view status of any jail put

Jail Status

$ fail2ban-client status ssh-ddos # or any jail name
Status for the jail: ssh-ddos
|- filter
|  |- File list:        /var/log/messages
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

To view all current rules put

All statuses/banned ips

$ iptables -L -n
fail2ban-lighttpd-fastcgi  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
...
Chain fail2ban-nginx-noscript (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

To unban any IP from specific Jail:

Unban IP from Jail

iptables -D fail2ban-recidive -s 111.222.333.444 -j REJECT