问题:
我知道,从版本v0.10.2开始,我可以使用unban IP,
fail2ban-client unban YOUR_IP_ADDRESS
如何才能找到封锁禁止的IP
答案1:
fail2ban-client status JAIL命令显示了该监狱当前禁止的IP地址列表
最佳方法是从Fail2Ban日志中搜索IP地址:
# grep "192.0.2.138" /var/log/fail2ban.log
fail2ban.actions [388]: NOTICE [sshd] Ban 192.0.2.138
fail2ban.actions [388]: NOTICE [sshd] Unban 192.0.2.138
fail2ban.filter [388]: INFO [sshd] Found 192.0.2.138 - 2020-12-24 10:52:42
fail2ban.filter [388]: INFO [sshd] Found 192.0.2.138 - 2020-12-24 10:52:43
fail2ban.filter [388]: INFO [sshd] Found 192.0.2.138 - 2020-12-24 10:52:47
fail2ban.filter [388]: INFO [sshd] Found 192.0.2.138 - 2020-12-24 10:52:51
fail2ban.filter [388]: INFO [sshd] Found 192.0.2.138 - 2020-12-24 10:52:56
fail2ban.actions [388]: NOTICE [sshd] Ban 192.0.2.138
答案2:
较新版本的(0.10.6/0.11.2 )fail2ban可以使用fail2ban-client banned <IP>来处理这个问题,请参见RFE 2725,这将返回jail列表,其中给定IP当前被禁止。
相关文章