- Check the status of Fail2Ban jails and banned IPs.
- Remove an IP address or DNS-resolved IPs from a Fail2Ban jail.
- Analyze and display blocked IP statistics from firewall logs.
- Bash
- Fail2Ban
- Firewall with firewalld (for stats script)
Clone the repository to your local machine:
git clone https://github.com/filipnet/fail2ban-ops.git
cd fail2ban-ops
chmod +x fail2ban-ops-*Checks the status of Fail2Ban jails and lists banned IP addresses.
./fail2ban-ops-status.shRemoves an IP address (IPv4/IPv6) or DNS-resolved IPs from a Fail2Ban jail.
./fail2ban-ops-unban.sh <IP/Hostname> <Jail-Name>Example: Prevent Locking Yourself Out with Dynamic PPPoE IPs
If you are using a dynamic IP address (e.g., assigned via PPPoE from your ISP), Fail2Ban may occasionally block your own IP due to false-positive detections. To prevent permanently locking yourself out of your server, you can use the fail2ban-ops-unban.sh script to periodically unban your IP. This works by targeting a dynamic DNS hostname that always resolves to your current public IP.
Cron Job Example (runs every 5 minutes):
*/5 * * * * /root/fail2ban-ops/fail2ban-ops-unban.sh your-hostname.dyndns.org portscan >/dev/null 2>&1This ensures that your current IP, even when dynamically assigned, is regularly removed from the specified Fail2Ban jail (e.g., portscan), preventing accidental lockouts.
Analyzes and displays blocked IP statistics from firewall logs based on Fail2Ban activity.
./fail2ban-ops-stats.shContributions are welcome! Feel free to submit a pull request or open an issue for any bugs or feature requests.
fail2ban-ops and all individual scripts are under the BSD 3-Clause license unless explicitly noted otherwise. Please refer to the LICENSE.