Since my iptables keeps growing, listing the whole table can take more than a few minutes these days. I dug around and found a couple of options that will do the job faster:
iptables -D chainname -s theipaddress -j DROP
Alternately, you can list:
iptables -L -v --line-numbers
Then delete:
iptables -D chainname linenumber_of_IP_to_delete
This will make cleaning up the Fail2Ban tables a lot easier, especially if one of your users decides to ban himself and you have to sift through a ton of numbers to find his IP.
If you’ve been unfortunate enough to lock yourself out of SSH by getting banned from your own server via Fail2Ban, here’s how to unban yourself:
iptables -L
Look at the chain fail2ban-ssh.
Note the IP address to unban and count which line number it is on.
e.g.:
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP 0 -- 61.236.117.xxx anywhere
DROP 0 -- 61.236.117.yyy anywhere
RETURN 0 -- anywhere anywhere
Execute the following command, replacing the placeholder with that line number:
iptables -D fail2ban-ssh <line_number>
E.g., to unban 61.236.117.yyy (rule 2 in the listing above) use:
iptables -D fail2ban-ssh 2
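The same list-find-delete procedure, automated as an added example (not from the original post): a POSIX sh script that parses `iptables -L <chain> -n --line-numbers` output, finds every rule whose source matches the IP, and deletes them highest-numbered first, since each -D renumbers the rules below it. It assumes the chain name fail2ban-ssh from the listing above, runs in dry-run mode unless DRY_RUN=0, and parses a constructed sample listing with documentation-range IPs when no live listing is passed in.

```shell
#!/bin/sh
# Added example, not the original post's commands. Finds and removes the rule(s)
# banning an IP in a fail2ban chain. -n skips the reverse-DNS lookups that make a
# plain `iptables -L` slow; deleting highest-first keeps lower numbers valid.

CHAIN=fail2ban-ssh          # chain name taken from the listing in the post
DRY_RUN="${DRY_RUN:-1}"     # set DRY_RUN=0 to actually run iptables -D

# Constructed sample of `iptables -L fail2ban-ssh -n --line-numbers` output.
SAMPLE_LISTING='Chain fail2ban-ssh (1 references)
num  target     prot opt source               destination
1    DROP       all  --  192.0.2.10           0.0.0.0/0
2    DROP       all  --  192.0.2.20           0.0.0.0/0
3    DROP       all  --  192.0.2.10           0.0.0.0/0
4    RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# rule_numbers_for_ip LISTING IP -> rule numbers whose source is exactly IP,
# highest first (so they can be deleted in that order without renumbering bugs).
rule_numbers_for_ip() {
    printf '%s\n' "$1" | awk -v ip="$2" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1 }' | sort -rn
}

# unban_ip IP [LISTING] -> prints (dry run) or runs the iptables -D commands.
# Returns 1 when no rule for IP exists, so callers can detect a typo'd address.
unban_ip() {
    ip="$1"
    listing="${2:-$(iptables -L "$CHAIN" -n --line-numbers 2>/dev/null)}"
    nums=$(rule_numbers_for_ip "$listing" "$ip")
    [ -n "$nums" ] || { echo "no rule for $ip in $CHAIN" >&2; return 1; }
    for n in $nums; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "iptables -D $CHAIN $n"
        else
            iptables -D "$CHAIN" "$n"
        fi
    done
}

# Demo on the constructed sample: 192.0.2.10 appears twice, rule 3 is removed before 1.
unban_ip 192.0.2.10 "$SAMPLE_LISTING"
```

Where fail2ban-client is installed, `fail2ban-client set <jail> unbanip <ip>` removes the ban through Fail2Ban itself, so its own record of banned hosts stays in step with the firewall.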
I’ve been using a lot of this lately:
iptables -A INPUT -s IP-ADDRESS -j DROP
service iptables save
I’ve noticed that pop3 attempts aren’t being filtered by Fail2Ban; I’ve seen an increase in dictionary attacks on this port and have had to resort to manually banning the offenders. I’ve also installed a LogViewer in WHM to assist in the fight.