I am running FirewallD. Fail2ban has blocked a test IP address... I cannot find where to unblock it; /var/lib/iptables doesn't exist!

#1 Sat, 05/11/2019 - 07:04
adamjedgar

I am running FirewallD. Fail2ban has blocked a test IP address... I cannot find where to unblock it; /var/lib/iptables doesn't exist!

The Webmin document is way outdated on this... it directs me to /var/lib/iptables for the fail2ban blocked IP list. That directory doesn't exist on my Debian VPS!!!

So where is fail2ban storing blocked IP addresses on Virtualmin?

Why isn't fail2ban using FirewallD?

Sat, 05/11/2019 - 09:49
scotwnw

FirewallD and iptables are two unrelated firewalls. Fail2ban is using FirewallD. That part of the instructions was from when Webmin defaulted to the iptables firewall and then fail2ban was added. Later on, they switched to FirewallD as the default firewall. I don't use FirewallD, but Webmin > Networking > FirewallD should show all the block/allow lines.

Sun, 05/12/2019 - 16:46
adamjedgar

Yes, but it does not... that is empty.

What I am now thinking is that fail2ban is not actually using any other source for storing the blocked IP addresses... I think it is adding the blocked IP address within a log file in fail2ban itself.

The problem is that the Webmin website tutorial is outdated and has not been rewritten to suit current defaults within Webmin/Virtualmin... hence my confusion.


Tue, 05/14/2019 - 19:17
krembo99

sudo zgrep 'Ban' /var/log/fail2ban.log*

or a prettier view (only for iptables):

sudo iptables -L INPUT -v -n | less

general log:

fail2ban-client status sshd

Also make sure that it is really banned (see if you can log in after 10 min), because a fail2ban block is temporary in nature.

If you cannot log in after a long time, then it is not that problem. Take a look also at the virtual memory - I had (and still have) this problem with Virtualmin.

The log itself will probably be too long, so you can add a | wc -l pipe

sudo zgrep 'Ban' /var/log/fail2ban.log* | wc -l

or just output it all to another text / log file with > filename.ext

to unban (ssh as example):

fail2ban-client set ssh-iptables unbanip YOURWANTEDIPADDRESS

or the generic form for every wanted jail:

fail2ban-client set THEWANTEDJAILNAME unbanip YOURWANTEDIPADDRESS
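
The generic unban form above needs the jail name. The following is an added example, not part of any post in this thread: it parses `fail2ban-client status` output to find which jail(s) currently hold an IP and unbans it there. The function names, the `F2B` and `DRY_RUN` variables and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find which fail2ban jail(s) hold an IP, then unban it there.
# F2B is the client command; override it to test without a running server.
F2B=${F2B:-fail2ban-client}

# Constructed stand-in for fail2ban-client (sample output, not a real capture).
sample_f2b() {
    case "$*" in
        status) printf '|- Number of jail:\t2\n`- Jail list:\tsshd, postfix\n' ;;
        'status sshd') printf '`- Banned IP list:\t203.0.113.7 198.51.100.70\n' ;;
        'status postfix') printf '`- Banned IP list:\t198.51.100.7\n' ;;
    esac
}

# One jail name per line, from the "Jail list:" line of `status`.
list_jails() {
    $F2B status | sed -n 's/.*Jail list:[[:space:]]*//p' |
        tr -s ', \t' '\n' | sed '/^$/d'
}

# Banned IPs of one jail, one per line, from its "Banned IP list:" line.
banned_ips() {
    $F2B status "$1" | sed -n 's/.*Banned IP list:[[:space:]]*//p' |
        tr -s ' \t' '\n' | sed '/^$/d'
}

# Jails whose ban list contains exactly this IP.
jails_banning() {
    for jail in $(list_jails); do
        # -x -F: whole-line literal match, so 198.51.100.7 != 198.51.100.70
        if banned_ips "$jail" | grep -qxF -e "$1"; then
            printf '%s\n' "$jail"
        fi
    done
}

# Unban the IP in every jail that holds it; DRY_RUN=1 only prints the command.
unban_everywhere() {
    for jail in $(jails_banning "$1"); do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf '%s set %s unbanip %s\n' "$F2B" "$jail" "$1"
        else
            $F2B set "$jail" unbanip "$1"
        fi
    done
}

# Demo against the constructed sample; prints the unban command it would run.
( F2B=sample_f2b; DRY_RUN=1; unban_everywhere 198.51.100.7 )
```

Against a live server, run it as root with `F2B` left at its default, and keep `DRY_RUN=1` until the printed commands name the jail you expect.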
