Search Our Database
How to ban an IP address in Fail2Ban
Introduction
This article guides you through how to manually ban an IP address in Fail2Ban on a Linux server via the command-line interface (CLI). This is useful if you need to immediately block a suspicious IP without waiting for Fail2Ban’s automatic detection rules.
We will use the fail2ban-client command, which is part of the Fail2Ban package.
Pre-requisites
- Root or sudo access to your Linux server.
- SSH access to the server.
- Fail2Ban installed and running.
Steps to Ban an IP Address in Fail2Ban
Step 1: Connect to Your Server via SSH
Use an SSH client (e.g., PuTTY or terminal) to log in:
ssh youruser@your.server.ip
Step 2: List Active Jails
Identify the jail you want to apply the ban to:
sudo fail2ban-client status
📌 Note: Look for the Jail list line in the output.
Step 3: Ban the IP Address
Run the following command, replacing <jail_name> with the jail’s name (e.g., sshd) and <IP_ADDRESS> with the IP you want to block:
sudo fail2ban-client set <jail_name> banip <IP_ADDRESS>
Example for banning 203.0.113.25 in the SSH jail:
sudo fail2ban-client set sshd banip 203.0.113.25
Step 4: Verify the Ban
Check if the IP is now listed under the banned IP list for that jail:
sudo fail2ban-client status <jail_name>
Expected output will include a line similar to:
Banned IP list: 203.0.113.25
Conclusion
By using fail2ban-client, you can quickly and manually ban IP addresses in any Fail2Ban jail. This allows you to respond to suspicious activity immediately, without relying solely on automated triggers.
If you require assistance or encounter any issues, please contact our support team at support@ipserverone.com.