How to view and unblock IPs blocked by iptables and Fail2ban
In this post I will explain how to remove an IP address that has been blocked by fail2ban,
whether it was blocked because of an attack or because we entered the wrong password too often.
In essence, fail2ban works together with iptables to block IP addresses suspected of attacking our computer.
Below are the steps to remove an IP from iptables.
Run this command to see all rules in iptables; make sure you are in root mode in your terminal:
# iptables -L --line-numbers
The results will of course vary. Mine look like this:
Chain INPUT (policy DROP)
num target prot opt source destination
1 f2b-sshd tcp -- anywhere anywhere multiport dports ssh
2 fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:8083
3 fail2ban-MAIL tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
4 fail2ban-FTP tcp -- anywhere anywhere tcp dpt:ftp
5 fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
6 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
7 ACCEPT all -- sgv1.jogjapromo.com anywhere
8 ACCEPT all -- localhost anywhere
9 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
10 ACCEPT tcp -- anywhere anywhere multiport dports http,https
11 ACCEPT tcp -- anywhere anywhere multiport dports ftp,12000:12100
12 ACCEPT udp -- anywhere anywhere udp dpt:domain
13 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
14 ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission,2525
15 ACCEPT tcp -- anywhere anywhere multiport dports pop3,pop3s
16 ACCEPT tcp -- anywhere anywhere multiport dports imap2,imaps
17 ACCEPT tcp -- anywhere anywhere multiport dports mysql,postgresql
18 ACCEPT tcp -- anywhere anywhere tcp dpt:8083
19 ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain f2b-sshd (1 references)
num target prot opt source destination
1 REJECT all -- 156.215.121.34.bc.googleusercontent.com anywhere reject-with icmp-port-unreachable
2 REJECT all -- 191.232.234.0 anywhere reject-with icmp-port-unreachable
3 REJECT all -- pool-37-83-126-181.telecel.com.py anywhere reject-with icmp-port-unreachable
4 REJECT all -- ns506885.ip-198-27-82.net anywhere reject-with icmp-port-unreachable
5 REJECT all -- host-195-223-211-242.business.telecomitalia.it anywhere reject-with icmp-port-unreachable
6 REJECT all -- 302.ahorasoft.com anywhere reject-with icmp-port-unreachable
7 REJECT all -- 150.136.81.55 anywhere reject-with icmp-port-unreachable
8 REJECT all -- 198.199.125.87 anywhere reject-with icmp-port-unreachable
9 REJECT all -- 46.30.19.175.adsl-pool.jlccptt.net.cn anywhere reject-with icmp-port-unreachable
10 REJECT all -- 124.160.83.138 anywhere reject-with icmp-port-unreachable
11 REJECT all -- cpe-66-68-187-140.austin.res.rr.com anywhere reject-with icmp-port-unreachable
12 REJECT all -- 129.226.114.97 anywhere reject-with icmp-port-unreachable
13 REJECT all -- mail.folloelektriske.no anywhere reject-with icmp-port-unreachable
14 REJECT all -- host-156.215.195.50-static.tedata.net anywhere reject-with icmp-port-unreachable
15 REJECT all -- 194.152.206.93 anywhere reject-with icmp-port-unreachable
16 REJECT all -- bd07813c.virtua.com.br anywhere reject-with icmp-port-unreachable
17 RETURN all -- anywhere anywhere
18 RETURN all -- anywhere anywhere
Chain fail2ban-FTP (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
Chain fail2ban-MAIL (1 references)
num target prot opt source destination
1 REJECT all -- 212.70.149.68 anywhere reject-with icmp-port-unreachable
2 REJECT all -- 45.142.120.15 anywhere reject-with icmp-port-unreachable
3 REJECT all -- 45.142.120.20 anywhere reject-with icmp-port-unreachable
4 RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
num target prot opt source destination
1 REJECT all -- 156.215.121.34.bc.googleusercontent.com anywhere reject-with icmp-port-unreachable
2 REJECT all -- 191.232.234.0 anywhere reject-with icmp-port-unreachable
3 REJECT all -- pool-37-83-126-181.telecel.com.py anywhere reject-with icmp-port-unreachable
4 REJECT all -- ns506885.ip-198-27-82.net anywhere reject-with icmp-port-unreachable
5 REJECT all -- host-195-223-211-242.business.telecomitalia.it anywhere reject-with icmp-port-unreachable
6 REJECT all -- 302.ahorasoft.com anywhere reject-with icmp-port-unreachable
7 REJECT all -- 150.136.81.55 anywhere reject-with icmp-port-unreachable
8 REJECT all -- 198.199.125.87 anywhere reject-with icmp-port-unreachable
9 REJECT all -- 46.30.19.175.adsl-pool.jlccptt.net.cn anywhere reject-with icmp-port-unreachable
10 REJECT all -- 124.160.83.138 anywhere reject-with icmp-port-unreachable
11 REJECT all -- cpe-66-68-187-140.austin.res.rr.com anywhere reject-with icmp-port-unreachable
12 REJECT all -- 129.226.114.97 anywhere reject-with icmp-port-unreachable
13 REJECT all -- mail.folloelektriske.no anywhere reject-with icmp-port-unreachable
14 REJECT all -- host-156.215.195.50-static.tedata.net anywhere reject-with icmp-port-unreachable
15 REJECT all -- 194.152.206.93 anywhere reject-with icmp-port-unreachable
16 REJECT all -- bd07813c.virtua.com.br anywhere reject-with icmp-port-unreachable
17 REJECT all -- korematsu.tor-exit.calyxinstitute.org anywhere reject-with icmp-port-unreachable
18 RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
My results are shown above.
To delete an entry, for example 129.226.114.97 in the fail2ban-SSH chain, the command is:
# iptables -D fail2ban-SSH 12
The command above tells iptables to delete ( -D ) the rule in the chain named fail2ban-SSH at position number 12.
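As an added example (not part of the original post), the shell functions below find every rule for a given address in one chain of an `iptables -L -n --line-numbers` listing and print the matching delete commands. The sample listing and its addresses are constructed, and the function names are made up for this illustration; `-n` is assumed so that sources are printed as numeric addresses instead of resolved host names.

```shell
#!/bin/sh
# Added example: locate a banned address in "iptables -L -n --line-numbers"
# output and emit the matching delete commands.

# Constructed sample listing (numeric form, as printed with -n).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target        prot opt source          destination
1    fail2ban-SSH  tcp  --  0.0.0.0/0       0.0.0.0/0       tcp dpt:22

Chain fail2ban-SSH (1 references)
num  target  prot opt source          destination
1    REJECT  all  --  198.51.100.7    0.0.0.0/0   reject-with icmp-port-unreachable
2    REJECT  all  --  203.0.113.25    0.0.0.0/0   reject-with icmp-port-unreachable
3    REJECT  all  --  198.51.100.7    0.0.0.0/0   reject-with icmp-port-unreachable
4    RETURN  all  --  0.0.0.0/0       0.0.0.0/0

Chain fail2ban-MAIL (1 references)
num  target  prot opt source          destination
1    REJECT  all  --  198.51.100.7    0.0.0.0/0   reject-with icmp-port-unreachable
2    RETURN  all  --  0.0.0.0/0       0.0.0.0/0
EOF
}

# rule_numbers CHAIN IP: read a listing on stdin and print the numbers of the
# REJECT/DROP rules in CHAIN whose source is exactly IP, highest number first.
rule_numbers() {
    awk -v chain="$1" -v ip="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $5 == ip { print $1 }
    ' | sort -rn
}

# delete_commands CHAIN IP: turn those numbers into iptables -D commands.
delete_commands() {
    rule_numbers "$1" "$2" | while read -r n; do
        echo "iptables -D $1 $n"
    done
}

# Live use (as root): iptables -L -n --line-numbers | delete_commands fail2ban-SSH 129.226.114.97
sample_listing | delete_commands fail2ban-SSH 198.51.100.7
```

Rule numbers shift down after each deletion, which is why the numbers are emitted highest first. fail2ban also keeps its own ban list, so `fail2ban-client set <jail> unbanip <ip>` (with the jail name from your configuration) lifts the ban on the fail2ban side as well.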
Hopefully this helps.