-------- Original Message --------
*Subject: * [Fail2ban-users] Debug unbanip
*From: * Sergei Gerasenko <gera...@gmail.com>
*To: * Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: * 2021-2-19 04:52 PM
Hi,
I'm relatively new to fail2ban and I can't understand why I can't unban an IP using the client. I /can/ do it using
iptables directly but not using the client. I'm running fail2ban v0.11. My configuration is like this (the important
bits):
...
actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actionban = iptables -I f2b-<name> 1 -s <ip> -j DROP
            # Add the new IP ban to our ip.blacklist file unless it exists already
            grep -q '<ip>' /etc/fail2ban/ip.blacklist || echo '<ip>' >> /etc/fail2ban/ip.blacklist
actionunban = iptables -D f2b-<name> -s <ip> -j DROP
              # Remove IP from our ip.blacklist file
              sed -i -e '/<ip>/d' /etc/fail2ban/ip.blacklist
...
The banning works great. But when I try to unban, I get:
fail2ban-client set repeat-offenders unbanip X.X.X.X
0
When I check the iptables chain, the IP is still there until I manually remove it with iptables. Also,
the /etc/fail2ban/ip.blacklist file still contains the IP as well. How can I see all the commands that fail2ban
executes (including grep, iptables, etc)?
Thanks,
Sergei
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
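Added example (not part of the original thread, and not fail2ban's own code): the posted actionban/actionunban match <ip> as an unanchored pattern, so 192.0.2.1 also matches 192.0.2.10 and 192.0.2.100. The sketch below does the blacklist-file bookkeeping with exact whole-line matching; the function names and the temporary file standing in for /etc/fail2ban/ip.blacklist are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# BLACKLIST is a temp file standing in for /etc/fail2ban/ip.blacklist.
BLACKLIST="$(mktemp)"

# Add an IP unless that exact line exists (-x whole line, -F literal dots).
blacklist_add() {
    grep -qxF -- "$1" "$BLACKLIST" || printf '%s\n' "$1" >> "$BLACKLIST"
}

# Remove only the line equal to the IP.
blacklist_remove() {
    tmp="$(mktemp)" || return 1
    # grep -v exits 1 when no lines remain; only exit status 2+ is an error.
    grep -vxF -- "$1" "$BLACKLIST" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$BLACKLIST"   # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Pattern removal as in the posted actionunban (sed '/<ip>/d'), for comparison.
blacklist_remove_loose() {
    tmp="$(mktemp)" || return 1
    sed -e "/$1/d" "$BLACKLIST" > "$tmp" && cat "$tmp" > "$BLACKLIST"
    rm -f "$tmp"
}

blacklist_has()   { grep -qxF -- "$1" "$BLACKLIST"; }
blacklist_count() { awk 'END { print NR }' "$BLACKLIST"; }

# Constructed sample entries from the 192.0.2.0/24 documentation range.
printf '%s\n' 192.0.2.1 192.0.2.10 192.0.2.100 > "$BLACKLIST"
blacklist_remove_loose 192.0.2.1
echo "after loose removal: $(blacklist_count) entries left"
printf '%s\n' 192.0.2.1 192.0.2.10 192.0.2.100 > "$BLACKLIST"
blacklist_remove 192.0.2.1
echo "after exact removal: $(blacklist_count) entries left"
```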
I'm not sure what you are trying to do with that code, but here is what I do
when I want to unban an IP address:
# ****** To unban an IP Address :
echo "Enter IP # to unban"; read -r input; for jail in $(fail2ban-client status | grep 'Jail list:' | sed 's/.*Jail list://' | sed 's/,//g'); do echo; echo "Jail: $jail"; fail2ban-client set "$jail" unbanip "$input"; done
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com