I am running FirewallD. Fail2ban has block a test ip address…I cannot find where to unblock it /var/lib/iptables doesnt exist!
The webmin document is way outdated on this…it directs me to /var/lib/iptables for the fail2ban blocked ip list.
That directory doesnt existing on my Debian VPS!!!
So where is fail2ban storing blocked ip addresses on virtualmin?
Why isnt fail2ban using firewallD?
FirewallD and IPtables are two unrelated firewalls. Fail2ban is using firewallD. That part of the instructions was from when webmin defaulted to Iptables firewall and then fail2ban was added. Later on, they switched to FirewallD as the default firewall. I dont use firewalld but in webmin > networking > firewallD it should show all the blocks/allow lines.
yes, but it does not…that is empty.
What i am now thinking is that fail2ban is not actually using any other source for storing the blocked ip addresses…i think it is adding the block ip address within a log file in fail2ban itself.
The problem is that the Webmin website tutorial is outdated and has not been rewritten to suit current defaults within webmin/virtualmin…hence my confusion.
sudo zgrep 'Ban:' /var/log/fail2ban.log*
or a prettier view ( only for iptables ) :
sudo iptables -L INPUT -v -n | less
general log :
fail2ban-client status sshd
Make sure also that it is really banned ( see if you can login after 10 min ) becasue fail2ban is temporary block in nature.
If you can not login after long time that it is not that problem… take a look also at the virtual memory - I had ( and still have ) this problem with virtualmin…
The log itself will probably be too long , so you can add
| wc -l pipe
sudo zgrep 'Ban' /var/log/fail2ban.log* | wc -l
or just output all to another text / log with
to unban (ssh as exaample) :
fail2ban-client set ssh-iptables unbanip YOURWANTEDIPADDRESS
or generic form for every wanted jail :
fail2ban-client set THEWANTEDJAILNAME unbanip YOURWANTEDIPADDRESS
@adamjedgar why not using virtualmin gui for that?
to unban someone banned by f2b just log into your virtualmin and follow the screenshot…
Webmin > Networking > Linux Firewall there scroll down and find the IP… if you know the blocked IP just hit CTRL-F and type in exact IP… then click on small check ‘‘button’’ to mark it in action tab as shown on screenshot and then simply hit Delete Selected red button… once done the ip is unblocked.
Click on image to enlarge