Fail2ban provides a command-line interface (CLI) that allows you to perform various tasks related to monitoring and managing banned IP addresses, jails, and the Fail2ban service. Here are some commonly used Fail2ban day-to-day management commands collected in a mini cheat sheet.
The “sudo” prefix
Your user must have super user access to run most of the commands. By default, the listed commands include the “sudo” prefix (short for “super user do”,) but this is not always needed depending on your system configuration. If you are logged in as ‘root’ you can most likely omit this prefix.
List of commonly used commands
Check Fail2ban status
sudo systemctl status fail2banDisplays the overall status of Fail2ban.
Start Fail2ban
sudo systemctl start fail2banNo output if successful. Fail2ban is active.
Stop Fail2ban
sudo systemctl stop fail2banNo output if successful. Fail2ban is stopped.
Restart Fail2ban
sudo systemctl restart fail2banNo output if successful. Fail2ban is restarted.
Reload Fail2ban configuration without restarting
sudo fail2ban-client reloadThe Fail2ban configuration is reloaded.
Enable Fail2ban to start on boot
sudo systemctl enable fail2banFail2ban is set to start on boot.
Disable Fail2ban from starting on boot
sudo systemctl disable fail2banFail2ban is disabled from starting on boot.
View a list of all jails
sudo fail2ban-client statusLists all active Fail2ban jails and their status.
Example output
Status
|- Number of jail: 1
`- Jail list: sshdList all banned IP addresses in all jails
sudo fail2ban-client bannedLists all IP addresses banned for each existing jail.
Example output
[{'sshd': ['192.0.2.1', '198.51.100.1']}]
Check the status of a specific jail (e.g., sshd)
sudo fail2ban-client status <JAIL>Shows the status of a specific Fail2ban jail, such as SSH:
sudo fail2ban-client status sshd
Example output for the jail sshd
Status for the jail: sshd |- Filter | |- Currently failed: 1 | |- Total failed: 23829 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 2 |- Total banned: 2569 `- Banned IP list: 192.0.2.1 198.51.100.1
Manually ban an IP address
sudo fail2ban-client set <JAIL> banip <IP>The specified IP is banned and included in the specified jail. E.g., if you want to ban an IP from connect through SSH:
sudo fail2ban-client set sshd banip 192.0.2.1
Manually unban an IP address
sudo fail2ban-client set <JAIL> unbanip <IP>The specified IP in the specified jail is unbanned. E.g., if you want to unban an IP and allow it to connect through SSH:
sudo fail2ban-client set sshd unbanip 192.0.2.1
Display the current Fail2ban version
sudo fail2ban-client versionDisplays the installed Fail2ban version.
Example output
0.11.2
Check fail2ban.log
sudo tail /var/log/fail2ban.logDisplays the 10 latest entries in the log file.
Get help and information about all Fail2ban commands
sudo fail2ban-client --helpDisplays the man page for Fail2ban with details about all Fail2ban commands and options.