How to Unblock And Whitelist Ip Address in Fail2Ban in 2021?

Guys,
I hate to make another post about this. But I dug through all the posts and could not get any of the mentioned approaches to work (fail2ban client, jail.local, jail.d, and variations). I’m stuck.

Anybody have a recommended approach to:

  1. Unblock an IP address that is currently being blocked
  2. Prevent this IP address from being blocked in the future
  3. (Ideally) Have this setting survive upgrades < if not, fuck it, I’ll be happy with a solution that lets me connect this app server to my MIAB via SMTP now.

Thanks, team.

Unban

To view all the “Jails-Name”

sudo fail2ban-client status

To view the IPs in each “Jail”

sudo fail2ban-client status JAIL-NAME

To view all IPS banned (the jailname is on the right of log)

sudo zgrep 'Ban' /var/log/fail2ban.log*

To find the jailname of the IP you want to unban (you need this)

sudo zgrep 'Ban' /var/log/fail2ban.log* | grep your-ip

to Unban

sudo fail2ban-client set JAIL-NAME unbanip IP-ADDRESS

WhiteList

To whitelist, open this conf

sudo nano /etc/fail2ban/jail.conf

Edit this line (Example, by IP or by IP block)

ignoreip= 192.168.0.1 192.168.5.0/32

Restart Fail2ban for it to take effect.

Troubleshoot Whitelist

If the above file doesn’t work, then it looks like you need to edit /etc/fail2ban/jail.d/mailinabox.conf instead, which gets overwritten.

To rewrite your config after each mailinabox upgrade, you may want to create a custom script with the following (please test before using in production) in your home directory, and chmod +x

#!/bin/bash
# Run as root (sudo), since /etc/fail2ban is not writable by normal users.
# editconf.py expects each setting as a single NAME=VALUE argument, so keep
# the whole ignoreip=... in one quoted word (no spaces around the "=").
# Replace the <...> placeholders with your own addresses before running.
mailinabox/tools/editconf.py /etc/fail2ban/jail.d/mailinabox.conf \
            ignoreip="127.0.0.1/8 <your-box-ip> <other whitelist ip>"
# Restart fail2ban so the new ignoreip takes effect.
systemctl restart fail2ban

127.0.0.1/8 <your-box-ip> are default values in mailinabox.conf and should stay the same.

3 Likes
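An added example (not code from the thread or from Mail-in-a-Box) that scripts the two checks from the answer above: finding which jails still hold a ban for an address by reading fail2ban's own log, and testing whether an address is already covered by an ignoreip list. The log lines are constructed samples in fail2ban's log format, and the 203.0.113.x / 198.51.100.x addresses are documentation ranges, not real hosts.

```python
import ipaddress
import re

# Constructed sample lines in the format fail2ban writes to fail2ban.log.
# The jail name is in brackets; the action and address follow it.
SAMPLE_LOG = """\
2021-03-01 10:00:01,100 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.5
2021-03-01 10:05:12,200 fail2ban.actions [812]: NOTICE [postfix-sasl] Ban 203.0.113.5
2021-03-01 10:20:00,300 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.5
2021-03-01 11:00:00,400 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.7
"""

BAN_RE = re.compile(r"\[(?P<jail>[\w.-]+)\]\s+(?P<action>Ban|Unban)\s+(?P<ip>\S+)")


def active_bans(log_text, ip):
    """Return the jails in which `ip` was banned and not later unbanned."""
    jails = []
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m or m.group("ip") != ip:
            continue
        jail = m.group("jail")
        if m.group("action") == "Ban" and jail not in jails:
            jails.append(jail)
        elif m.group("action") == "Unban" and jail in jails:
            jails.remove(jail)
    return jails


def unban_commands(log_text, ip):
    """One `fail2ban-client set JAIL unbanip IP` command per jail still banning `ip`."""
    return [f"fail2ban-client set {jail} unbanip {ip}" for jail in active_bans(log_text, ip)]


def is_ignored(ignoreip, ip):
    """True if `ip` falls inside any address or CIDR block of an ignoreip value.

    ignoreip may also contain DNS names; those are skipped here, since
    resolving them offline is not possible.
    """
    addr = ipaddress.ip_address(ip)
    for entry in ignoreip.split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue
        if addr in net:
            return True
    return False
```

Note that a /32 entry such as the one in the example above covers exactly one address, so `is_ignored("192.168.5.0/32", "192.168.5.7")` is False; a whole block needs a shorter prefix such as /24.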

@daveteu
Many thanks for this! Now I can confidently cross this off the list of contributing factors for my current impasse…but some rays of hope coming through. And I’m sure it will help others as well (plus save them from digging through the many other posts.)

Thanks for this. Few problems are more annoying than being blocked by your own security tool.

One thing I just thought of as a problem for whitelisting an IP is that if an attacker has access to your network, they would be bypassing at least the f2b protections.

Perhaps a better solution is some sort of certificate login that can’t be brute forced, or something?

1 Like

Agree with @openletter, and the fact is if you are using an app to connect, there’s no need to whitelist any IP.