Fail2ban provides a command-line interface (CLI) that allows you to perform various tasks related to monitoring and managing banned IP addresses, jails, and the Fail2ban service. Here are some commonly used Fail2ban day-to-day management commands collected in a mini cheat sheet.<\/p>\n\n\n\n
Your user must have super user access to run most of the commands. By default, the listed commands include the “sudo” prefix (short for \u201csuper user do\u201d,) but this is not always needed depending on your system configuration. If you are logged in as ‘root’ you can most likely omit this prefix.<\/p>\n\n\n\n
sudo systemctl status fail2ban<\/code><\/pre>\n\n\n\nDisplays the overall status of Fail2ban.<\/p>\n\n\n\n
Start Fail2ban<\/h3>\n\n\n\nsudo systemctl start fail2ban<\/code><\/pre>\n\n\n\nNo output if successful. Fail2ban is active.<\/p>\n\n\n\n
Stop Fail2ban<\/h3>\n\n\n\nsudo systemctl stop fail2ban<\/code><\/pre>\n\n\n\nNo output if successful. Fail2ban is stopped.<\/p>\n\n\n\n
Restart Fail2ban<\/h3>\n\n\n\nsudo systemctl restart fail2ban<\/code><\/pre>\n\n\n\nNo output if successful. Fail2ban is restarted.<\/p>\n\n\n\n
Reload Fail2ban configuration without restarting<\/h3>\n\n\n\nsudo fail2ban-client reload<\/code><\/pre>\n\n\n\nThe Fail2ban configuration is reloaded.<\/p>\n\n\n\n
Enable Fail2ban to start on boot<\/h3>\n\n\n\nsudo systemctl enable fail2ban<\/code><\/pre>\n\n\n\nFail2ban is set to start on boot.<\/p>\n\n\n\n
Disable Fail2ban from starting on boot<\/h3>\n\n\n\nsudo systemctl disable fail2ban<\/code><\/pre>\n\n\n\nFail2ban is disabled from starting on boot.<\/p>\n\n\n\n
View a list of all jails<\/h3>\n\n\n\nsudo fail2ban-client status<\/code><\/pre>\n\n\n\nLists all active Fail2ban jails and their status.<\/p>\n\n\n\n
Example output<\/p>\n\n\n\n
Status<\/code>\n|- Number of jail: 1\n`- Jail list: sshd<\/pre>\n\n\n\nList all banned IP addresses in all jails<\/h3>\n\n\n\nsudo fail2ban-client banned<\/code><\/pre>\n\n\n\nLists all IP addresses banned for each existing jail.<\/p>\n\n\n\n
Example output<\/p>\n\n\n\n
[{'sshd': ['192.0.2.1', '198.51.100.1']}]<\/pre>\n\n\n\nCheck the status of a specific jail (e.g., sshd)<\/h3>\n\n\n\nsudo fail2ban-client status <JAIL><\/code><\/pre>\n\n\n\nShows the status of a specific Fail2ban jail, such as SSH:<\/p>\n\n\n\n
sudo fail2ban-client status sshd<\/code><\/p>\n\n\n\nExample output for the jail sshd<\/p>\n\n\n\n
Status for the jail: sshd\n|- Filter\n| |- Currently failed:\t1\n| |- Total failed:\t23829\n| `- File list:\t\/var\/log\/auth.log\n`- Actions\n |- Currently banned:\t2\n |- Total banned:\t2569\n `- Banned IP list:\t192.0.2.1 198.51.100.1<\/pre>\n\n\n\nManually ban an IP address<\/h3>\n\n\n\nsudo fail2ban-client set <JAIL> banip <IP><\/code><\/pre>\n\n\n\nThe specified IP is banned and included in the specified jail. E.g., if you want to ban an IP from connect through SSH:<\/p>\n\n\n\n
sudo fail2ban-client set sshd banip 192.0.2.1<\/code><\/p>\n\n\n\nManually unban an IP address<\/h3>\n\n\n\nsudo fail2ban-client set <JAIL> unbanip <IP><\/code><\/pre>\n\n\n\nThe specified IP in the specified jail is unbanned. E.g., if you want to unban an IP and allow it to connect through SSH:<\/p>\n\n\n\n
sudo fail2ban-client set sshd unbanip 192.0.2.1<\/code><\/p>\n\n\n\nDisplay the current Fail2ban version<\/h3>\n\n\n\nsudo fail2ban-client version<\/code><\/pre>\n\n\n\nDisplays the installed Fail2ban version.<\/p>\n\n\n\n
Example output<\/p>\n\n\n\n
0.11.2<\/pre>\n\n\n\nCheck fail2ban.log<\/h3>\n\n\n\nsudo tail \/var\/log\/fail2ban.log<\/code><\/pre>\n\n\n\nDisplays the 10 latest entries in the log file.<\/p>\n\n\n\n
Get help and information about all Fail2ban commands<\/h3>\n\n\n\nsudo fail2ban-client --help<\/code><\/pre>\n\n\n\nDisplays the man page for Fail2ban with details about all Fail2ban commands and options.<\/p>\n","protected":false},"excerpt":{"rendered":"
Fail2ban provides a command-line interface (CLI) that allows you to perform various tasks related to monitoring and managing banned IP addresses, jails, and the Fail2ban service. Here are some commonly used Fail2ban day-to-day management commands collected in a mini cheat sheet. The “sudo” prefix Your user must have super user access to run most of […]<\/p>\n","protected":false},"author":1,"featured_media":2499,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,17],"tags":[],"class_list":["post-2489","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gnu-linux","category-linux"],"_links":{"self":[{"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/posts\/2489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/comments?post=2489"}],"version-history":[{"count":15,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/posts\/2489\/revisions"}],"predecessor-version":[{"id":2593,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/posts\/2489\/revisions\/2593"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/media\/2499"}],"wp:attachment":[{"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/media?parent=2489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/categories?post=2489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bornoe.org\/blog\/wp-json\/wp\/v2\/tags?post=2489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}