Fail2Ban – You will lock yourself out


There are parts I love about being able to manage a VPS, but there are parts I hate.

One of the biggest problems is if you get passwords wrong. Yep… It happens.

So when your server blocks your static IP, it gets difficult to get back in.

It’s not impossible, but once you do, you have to unblock yourself.

This took me a while to find, but it actually works, especially if you are running a CentOS box with f2b.

Remove IP from blocklist

Check it’s being blocked by running

iptables -L -n

If it is, unblock it by running

iptables -D <CHAIN> -s <IP>  -j <ACTION>

where <IP> is the one you want to remove, <ACTION> is what the rule does, and <CHAIN> is the ruleset it’s blocked under. An example is below:

iptables -L -n
Chain f2b-default (2 references)
target     prot opt source               destination
REJECT     all  --  <IP>                 anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
server:# iptables -D f2b-default -s <IP> -j REJECT # remove it
server:# /sbin/service iptables save
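
The manual steps above can be scripted. This is an added example, not part of the original post: the function reads iptables -S output on stdin and prints the matching iptables -D command for one IPv4 address in any f2b-* chain. The function names and the sample rules (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `iptables -S` output into delete commands for one IP.
# Reads the rule listing on stdin and prints one `iptables -D ...` line per
# matching rule in a Fail2Ban chain (chains named f2b-*).
f2b_unban_cmds() {
    ip="$1"
    # Refuse empty input or anything containing characters other than digits and dots.
    case "$ip" in
        *[!0-9.]*|'') echo "invalid IPv4 address: $ip" >&2; return 2 ;;
    esac
    awk -v ip="$ip" '
        # iptables -S prints rules as: -A <chain> -s <addr>/32 -j <target> ...
        $1 == "-A" && $2 ~ /^f2b-/ {
            for (i = 3; i < NF; i++)
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == (ip "/32"))) {
                    $1 = "-D"        # same rule spec, delete instead of append
                    print "iptables " $0
                    found = 1
                    break
                }
        }
        END { exit (found ? 0 : 1) } # exit status 1 when the IP is not banned
    '
}

# Constructed sample listing (documentation addresses, not real data).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-N f2b-default
-A INPUT -p tcp -m multiport --dports 22 -j f2b-default
-A f2b-default -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-default -s 198.51.100.20/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-default -j RETURN
EOF
}

# On a real server (as root): iptables -S | f2b_unban_cmds 203.0.113.7
sample_rules | f2b_unban_cmds 203.0.113.7
```

Review the printed commands before running them as root, then save the rules as shown above. Deleting the rule does not clear Fail2Ban's own record of the ban; fail2ban-client set <JAIL> unbanip <IP> removes both.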


Whitelisting is set up in the jail.conf file using a space-separated list.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = XXX.XXX.XXX.XXX
# where the XXX.etc is your static IP.

# This will ignore connection coming from common private networks.
# Note that local connections can come from other than just, so
# this needs CIDR range too.
ignoreip =


