iptables

How to view and remove banned IP's from Fail2ban on Ubuntu 10.04

If you followed the tutorial "How to Install and Configure fail2ban on Ubuntu 10.04 for SSH and Pure-FTPd", you should have Fail2ban installed and configured for SSH and Pure-FTPd. You may be curious which IPs are banned or blocked by Fail2ban, or you may want to remove some of them from the banned list. To view all addresses that are blocked, run the following command:

sudo iptables -L -n

Banned SSH IPs look like this:

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Banned FTP IPs look like this:

Chain fail2ban-pure-ftpd (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
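
As an added example (not part of the original tutorial), the shell function below reads iptables -L -n output and prints each banned address next to its jail, looking only inside chains whose names start with fail2ban- as in the listings above. The function names, the sample text and the 10.0.0.5 rule in INPUT are constructed for illustration; accepting REJECT as well as DROP is an assumption about other configurations.

```shell
#!/bin/sh
# Added example: list fail2ban bans from `iptables -L -n` output read on stdin.
# Prints one "<jail> <source>" pair per ban rule found in a fail2ban-* chain.
list_fail2ban_bans() {
    awk '
        # A "Chain <name> (...)" header starts a new chain. Remember the jail
        # name only for chains created by fail2ban (prefix "fail2ban-").
        $1 == "Chain" {
            jail = ($2 ~ /^fail2ban-/) ? substr($2, 10) : ""
            next
        }
        # Inside a fail2ban chain, each DROP (or REJECT, assumed) rule is a ban.
        # Columns: target prot opt source destination
        jail != "" && ($1 == "DROP" || $1 == "REJECT") && NF >= 5 {
            print jail, $4
        }
    '
}

# Constructed sample output; the INPUT chain holds a DROP rule that was not
# added by fail2ban and must not be reported as a ban.
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
DROP       all  --  10.0.0.5             0.0.0.0/0

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-pure-ftpd (1 references)
target     prot opt source               destination
DROP       all  --  192.168.100.100      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Live use: sudo iptables -L -n | list_fail2ban_bans
sample_iptables_output | list_fail2ban_bans
```

The RETURN rule at the end of each chain and rules in non-fail2ban chains are skipped, so the output contains only addresses that Fail2ban itself banned.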

To remove an IP address from the banned SSH list, run the following command:

How to Install and Configure fail2ban on Ubuntu 10.04 for SSH and Pure-FTPd

Fail2ban is an intrusion prevention framework. Its main purpose is to block IP addresses belonging to hosts that are trying to breach the system's security. I highly recommend that any Linux administrator implement this software. In my example, I will be installing Fail2ban on Ubuntu 10.04 64-bit Server Edition. I will be using Fail2ban for SSH and Pure-FTPd.

To begin, install Fail2ban by running the following command:

sudo apt-get install fail2ban

By default, Fail2ban is Ubuntu friendly, meaning that it is configured to ban IPs after 6 failed SSH attempts. You can verify that it is enabled by viewing the contents of /etc/fail2ban/jail.conf:

cat /etc/fail2ban/jail.conf

Make sure that this section is present and that enabled is set to true:

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6


To configure Fail2ban for Pure-FTPd, open the configuration file by running the following command:

sudo vim /etc/fail2ban/jail.conf


Add the following lines to the section labeled "FTP servers":

[pure-ftpd]

 
