To efficiently monitor Fail2Ban jails, the fail2ban-client command serves as a powerful tool. Below are essential commands to facilitate the management of jails:
Check status of jails:
To view the status of all defined jails and whether they are currently banning any IPs, you can use:
sudo fail2ban-client status
Check status of a specific jail
If you want to check the status of a specific jail, you can use:
sudo fail2ban-client status [jail-name]
- Replace [jail-name] with the name of the specific jail you are interested in.
Start/Stop/Restart Fail2Ban
To start, stop, or restart the Fail2Ban service, you can use:
sudo service fail2ban start
sudo service fail2ban stop
sudo service fail2ban restart
Alternatively, if your system uses systemctl, you can use:
sudo systemctl start fail2ban
sudo systemctl stop fail2ban
sudo systemctl restart fail2ban
Ban an IP Address:
To manually ban an IP address for a specific jail, use:
sudo fail2ban-client set [jail-name] banip [ip-address]
Replace [jail-name] with the jail's name and [ip-address] with the target IP.
Unban an IP address
To unban an IP address manually, you can use the following command:
sudo fail2ban-client set [jail-name] unbanip [ip-address]
Replace [jail-name] with the name of the jail and [ip-address] with the IP address you want to unban.
Check banned IP addresses
To list the currently banned IP addresses for a specific jail, you can use:
sudo fail2ban-client status [jail-name] | grep "Banned IP list:"
- Replace [jail-name] with the name of the jail.
Check Fail2Ban version
To check the installed Fail2Ban version, you can use:
sudo fail2ban-client version
These commands should help you manage Fail2Ban jails and monitor the status of banned IP addresses. Remember to replace placeholders like [jail-name] and [ip-address] with actual values.