Fail2Ban – You will lock yourself out

There are parts I love about being able to manage a VPS, but there are parts I hate.

One of the biggest problems is if you get passwords wrong. Yep… It happens.

So when your server blocks your static IP, it gets difficult to get back in.

It’s not impossible, but once you do, you have to unblock yourself.

This took me a while to find, but it actually works, especially if you are running a CentOS box with f2b.

Remove IP from blocklist

Check whether it's being blocked by running:

iptables -L -n

If it is, unblock it by running:

iptables -D <CHAIN> -s <IP> -j <ACTION>

where <IP> is the address you want to remove, <ACTION> is the rule's target (what it does to matching traffic) and <CHAIN> is the chain the address is blocked under. An example is below:

iptables -L -n
...
Chain f2b-default (2 references)
target     prot opt source               destination
REJECT     all  --  217.147.243.129      anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
...
server:# iptables -D f2b-default -s 217.147.243.129 -j REJECT # remove it
server:# /sbin/service iptables save 
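
The lookup above as a small script, added here as an example and not part of the original post: it reads `iptables -L -n` output and prints the matching `iptables -D` command for each rule in an `f2b-*` chain whose source is exactly the given address, so a ban on 203.0.113.70 is not confused with one on 203.0.113.7. The function names, the `f2b-` chain prefix filter and the sample rules (documentation addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: locate Fail2Ban rules for one address in `iptables -L -n` output.

# unban_cmds IP: read `iptables -L -n` output on stdin and print one
# `iptables -D <CHAIN> -s <IP> -j <ACTION>` line per rule in an f2b-* chain
# whose source column is exactly IP. Prints commands only; runs nothing.
unban_cmds() {
    awk -v ip="$1" '
        $1 == "Chain"  { chain = $2; next }      # remember the current chain
        $1 == "target" { next }                  # skip the column header row
        chain ~ /^f2b-/ && $4 == ip {            # field 4 is the source column
            printf "iptables -D %s -s %s -j %s\n", chain, ip, $1
        }
    '
}

# Constructed sample output (documentation addresses, not from a real host).
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-default  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-default (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  203.0.113.70         0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Demo on the sample; on a server use: iptables -L -n | unban_cmds <IP>
sample_rules | unban_cmds 203.0.113.7
```

Deleting the rule by hand does not update Fail2Ban's own record of the ban; `fail2ban-client set <JAIL> unbanip <IP>` removes the ban through Fail2Ban itself.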

Whitelisting

Whitelisting is set up in the jail.conf file using a space-separated list.

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.

ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8 XXX.XXX.XXX.XXX
# where XXX.XXX.XXX.XXX is your static IP.

# Alternative (keep only one ignoreip line in the section):
# This will ignore connections coming from common private networks.
# Note that local connections can come from other than just 127.0.0.1, so
# this needs CIDR range too.
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

Source: http://wiki.vitro.co.uk/mw/Fail2ban
