Fail2ban keeps blocking IPs that had problems before but don't anymore

I’m just rolling out access to our FreePBX 13 server to some of our road warriors, setting up Grandstream Wave on their mobile phones.
During this, it happens that a user enters the password wrongly, and since GSWave tries repeatedly, the user ends up on the ban list. So far, so good.
Then, I usually turn off fail2ban, walk the user through the password stuff until I see a log entry “extension 1234 is now reachable”, which means credentials are ok and the user has logged in.
When I then turn fail2ban back on, this user’s IP will instantly appear on the block list (and iptables) again, even though there have been no failed logins since the restart.
This hasn’t always been that way (as far as I can remember), and is slightly annoying.
It looks to me like fail2ban reads some part of the previous log when it starts now, instead of picking up just at the current location.
Is there a way to configure this?

Why don’t you whitelist the IP?

I noticed that behaviour as well.
After a restart Fail2ban apparently doesn’t read the logs from the point of restart but further back, blocking again.
I think that’s worth a feature request because that’s indeed annoying.

What works for me is, instead of restarting Fail2ban, to unban the IP from the Linux command line.

If you use the Responsive Firewall, offending hosts will end up in the block hosts list, which you can selectively un-ban from the GUI.

Because this keeps happening for every user that I have to assist with the SIP client installation.
I prefer to have bugs fixed instead of worked around.

This is not a bug. Fail2ban reads the logs on restart, so if there were bans that it needs to set, it will set them.

2 Likes

As a note, if one moved to the latest supported version of fail2ban (0.9.4), then the history is stored in an sqlite3 database and it will no longer read from the logs on restart; it would more reasonably rely on its recorded history. Everything else works as expected though.

JM2CWAE

Restarting fail2ban is then just not a way to get an unintentionally blocked IP address unbanned, because it will get rebanned on restart.

Unban from command line then.

1 Like
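The two suggestions above (unban from the command line instead of restarting, and whitelist the IP) as a small shell helper. This is an added example, not code from the thread, from FreePBX or from fail2ban. It assumes the jail is named asterisk-iptables (the name FreePBX normally uses; check `fail2ban-client status` for the real jail names on your box) and uses an overridable FAIL2BAN_CLIENT variable so the parsing can be exercised without a running daemon. It parses the "IP list:" line that both fail2ban 0.8 and 0.9 print in `fail2ban-client status <jail>`.

```shell
#!/bin/sh
# Added example: unban or whitelist an IP in fail2ban without restarting the daemon,
# and verify the result. Not part of the original thread.
set -eu

# Override for testing; on a real server this is the fail2ban-client binary.
FAIL2BAN_CLIENT="${FAIL2BAN_CLIENT:-fail2ban-client}"
JAIL="${JAIL:-asterisk-iptables}"   # assumed FreePBX jail name

# Read `fail2ban-client status <jail>` output on stdin and print the banned IPs,
# space separated. Matches both "IP list:" (0.8) and "Banned IP list:" (0.9).
banned_ips_from_status() {
    sed -n 's/.*IP list:[[:space:]]*//p' | tr -s ' \t' ' ' | sed 's/^ *//; s/ *$//'
}

# Return 0 if IP $2 is currently banned in jail $1.
is_banned() {
    jail=$1; ip=$2
    for b in $("$FAIL2BAN_CLIENT" status "$jail" | banned_ips_from_status); do
        [ "$b" = "$ip" ] && return 0
    done
    return 1
}

# Unban IP $2 from jail $1 and confirm it is gone from the jail's ban list.
# This is the "unban from the command line" route: no restart, so no log re-read.
unban_and_verify() {
    jail=$1; ip=$2
    if ! is_banned "$jail" "$ip"; then
        echo "$ip is not banned in $jail" >&2
        return 0
    fi
    "$FAIL2BAN_CLIENT" set "$jail" unbanip "$ip" >/dev/null
    if is_banned "$jail" "$ip"; then
        echo "unban of $ip from $jail failed" >&2
        return 1
    fi
    echo "$ip unbanned from $jail"
}

# Whitelist IP $2 in jail $1 for the running daemon only. addignoreip is not
# persisted: to survive a restart, add the address to ignoreip in the jail config.
whitelist_runtime() {
    jail=$1; ip=$2
    "$FAIL2BAN_CLIENT" set "$jail" addignoreip "$ip" >/dev/null
    echo "$ip added to the runtime ignore list of $jail (not persisted)"
}

# Usage: ./f2b-unban.sh 203.0.113.5   (unban that address from $JAIL)
if [ "${1:-}" != "" ] && [ "${F2B_EXAMPLE_NO_MAIN:-}" = "" ]; then
    unban_and_verify "$JAIL" "$1"
fi
```

Running the script on the server needs root (fail2ban-client talks to the daemon socket under /var/run/fail2ban). Because the unban goes through the live daemon rather than a restart, the original failed-login lines in the Asterisk log are not replayed, which is exactly what the restart approach gets wrong.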

Yes, that is, I believe, the easy way for fail2ban 8.n.n. I guess you could also

rm /var/log/fail2ban.log

1 Like
