When we use Fail2ban we can be sure that brute force attacks will not prosper on our server, but the drawback of this type of protection is that we ourselves, the end users can be blocked or banned by exceeding the maximum attempts allowed in each service, if we have somewhat flexible configurations that only block us for a few minutes and hours there should be no problem, we just wait. If we use days to determine the blocking time or that it is an indefinite block, and we find ourselves blocked, we can use a quite simple command to unblock IP addresses.
To unblock or unban a single address or list of IP addresses, we execute:
sudo fail2ban-client unban 1.1.1.1 2.2.2.2We can unban a single IP or multiple IPs with the same command, only separating them with spaces between each address.
If we want to unblock all blocked IP addresses, we use:
sudo fail2ban-client unban --allIf we want to know if an address or multiple IPs are blocked before unblocking it, we execute, with the IP addresses separated by spaces:
sudo fail2ban-client banned 1.1.1.1 2.2.2.2With this, it will show us in which services the IPs are blocked. This last command is useful if we want to know if we have a connection problem, with the server or if we are really blocked.
If in the future we need to avoid this type of drawback, we must remember that Fail2ban has a whitelist, if we enter an IP addresses in this list, it will not be blocked, even if we reach the maximum number of attempts to use the services of our system.