On 6/25/2018 9:35 AM, Lucas Cotta wrote:

> the reason I'm trying to solve this in a hacky way is because when I try
> your solution, if I restart the server or fail2ban service, all those
> IPs get banned again. 

That is strange.  But I'm not a f2b developer, or have seen in detail
how it works, specially the unban part.

> How can I definitively unban them?

Are you sure its fail2ban keeping them?

Does the f2b log shows its re-adding them at startup?

If not...

I would first check (in my case) iptables: check the addresses are not
there after using "fail2ban-client set <JAIL> unbanip <IP>", re-check
after stopping f2b.

If that works as expected, then maybe something else installed is making
the additions.  Just an idea, but there were old additions to f2b to
keep the data persistent.

Also, with f2b stopped, have a look at the database.  I haven't
inspected it but using the following commands you can see what's in there:

        sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
        .dump
        .exit

The output after .dump will show first the table definition, hopefully
with descriptive column titles.  Then it shows the data in a way used to
record it (INSERT INTO <table> VALUES( <list of values in table order> ).

I don't know what f2b does with unbanned addresses, probably marks them
along with time stamps to know when, and for how long.  So the unbanned
addresses should be there, but unlike banned addresses, with something
different.

If everything checks, or looks sane, then open a ticket on the git
repository, its probably a bug.
-- 
René Berber

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to