Occasionally a remote Agent will lose internet access and then our Fail2Ban will ban their IP address as their remote phone tries to re-establish its connection to the PBX.
To clear the phone from the Fail2Ban list of Banned IP addresses:
a. I would prefer not to add the banned Agent’s IP address to the "Whitelist"
b. I tried selecting “Restart” of the Intrusion Detection module from within the FreePBX GUI, but 15 seconds after the restart the remote agent’s IP address appears again in the Banned IP address list.
c. After about 1-3 hours the banned IP address stops appearing on the Intrusion Detection list of Banned IP addresses.
What is the proper way to immediately clear a banned IP address so that the Max Retry is reset for that IP address?
iptables -L fail2ban-SIP
gives you a list of the banned IPs
iptables -D fail2ban-SIP #
where # is the sequence number (1,2,3,4 etc…) of the IP you want to clear.
You can play with it a bit to figure out the correct number.
At worst you’ll just unblock the wrong IP
and your config does not ban for more than a couple of hours anyways.
I didn’t want to dredge up this post, but I figured it was worth it to make sure no one else was confused. This may not have been the case when this was originally posted, but to unban an ip from a jail now, you need to put “set” in front of the jail name.
For example: fail2ban-client set <JAIL> unbanip a.b.c.d
The IP 192.168.7.51 has just been banned by Fail2Ban after
8 attempts against SIP on localhost.
[root@freepbx ~]# fail2ban-client set unbanip 192.168.7.51
-bash: JAIL: No such file or directory
Does not seem to work that command what im i doing wrong ? @dicko
[root@freepbx ~]# fail2ban-client status
Status
|- Number of jail: 9
`- Jail list: recidive, zulu, ssh-iptables, apache-badbots, pbx-gui, asterisk-iptables, apache-api, apache-tcpwrapper, vsftpd-iptables
Went to look at fail2ban logs found this :
2021-10-05 10:45:54,499 fail2ban.actions[4545]: WARNING [asterisk-iptables] Ban 192.168.7.51
2021-10-05 11:15:54,669 fail2ban.actions[4545]: WARNING [asterisk-iptables] Unban 192.168.7.51
2021-10-05 12:51:52,837 fail2ban.server [4545]: INFO Stopping all jails
[root@freepbx ~]# fail2ban-client set asterisk-iptables unbanip 192.168.7.51
ERROR NOK: (‘IP 192.168.7.51 is not banned’,)
IP 192.168.7.51 is not banned
[root@freepbx ~]#
just throwing out a few of my favorite shell scripts:
unban.sh. ( ./unban.sh 1.2.3.4)
#!/bin/bash
echo $1
fail2ban-client status asterisk-iptables
fail2ban-client set asterisk-iptables unbanip $1
getbans.sh
#!/bin/bash
for i in apache-tcpwrapper recidive ssh-iptables apache-badbots pbx-gui asterisk-iptables vsftpd-iptables;
do fail2ban-client status $i;
done
getabans.sh
#!/bin/bash
fail2ban-client status asterisk-iptables
echo "use ./unban ip to unban"