LinuxCommandLibrary

fail2ban-client

Manage and monitor Fail2ban server

TLDR

Retrieve current status of the jail service

$ fail2ban-client status [jail]

Remove the specified IP from the jail service's ban list
$ fail2ban-client set [jail] unbanip [ip]

Verify fail2ban server is alive
$ fail2ban-client ping

SYNOPSIS

fail2ban-client [OPTIONS] []
fail2ban-client status [ | | ]
fail2ban-client ban [] [] [] []
fail2ban-client unban []

PARAMETERS

-h, --help
    Display a help message and exit.

-V, --version
    Show program's version number and exit.

-s , --socket=
    Specify the Fail2ban server socket path. Default: /var/run/fail2ban/fail2ban.sock.

-i, --internal
    Use internal (less documented) commands. Generally not for regular use.

-v , --loglevel=
    Set the log level for the client session (DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL).

-q, --quiet
    Suppress all output except for errors.

DESCRIPTION

fail2ban-client is the primary command-line interface for interacting with the fail2ban daemon. It allows administrators to query the status of jails and filters, manually ban or unban IP addresses, retrieve configuration parameters, and control the daemon's behavior. The client communicates with the fail2ban server through a Unix domain socket, typically located at /var/run/fail2ban/fail2ban.sock.

This utility is crucial for real-time monitoring and troubleshooting of fail2ban's security measures. It provides insights into which IPs are currently banned, the reasons for their bans, and the effectiveness of the configured rules. Whether you need to quickly unblock a legitimate user, check the status of a specific jail like sshd, or observe the global logging level, fail2ban-client serves as the essential gateway to your fail2ban instance. Its intuitive command structure simplifies the management of this powerful intrusion prevention system.

CAVEATS

The fail2ban-client requires the fail2ban server daemon to be running and accessible.
Users need appropriate permissions (typically root or part of the fail2ban group) to communicate with the daemon's Unix socket.
Careless use of the ban or unban commands can block legitimate users or expose services. Always double-check IP addresses before manual bans.
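
One way to apply the double-check above before a manual unban, as an added example (not code from this page or from the Fail2ban project): it validates the address, confirms the server answers ping, and unbans only if the address is exactly present in that jail's ban list. F2B_CMD, banned_ips, valid_ipv4, safe_unban and fake_f2b are names introduced here; the status text inside fake_f2b is constructed sample output, and only IPv4 is handled.

```shell
# Added example: verify input and jail state before a manual unban.
# F2B_CMD is this example's own hook so the client can be replaced by a stub.
F2B_CMD=${F2B_CMD:-fail2ban-client}

# Read `status <jail>` text on stdin; print the banned addresses one per line.
banned_ips() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Accept only dotted-quad IPv4 with octets 0-255 (IPv6 is left out here).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# safe_unban JAIL IP -> 0 unbanned, 2 malformed IP, 3 server unreachable,
# 4 address not in that jail's ban list (wrong jail or mistyped address).
safe_unban() {
    jail=$1; ip=$2
    valid_ipv4 "$ip" || return 2
    $F2B_CMD ping >/dev/null 2>&1 || return 3
    $F2B_CMD status "$jail" 2>/dev/null | banned_ips | grep -Fxq -- "$ip" || return 4
    $F2B_CMD set "$jail" unbanip "$ip" >/dev/null
}

# Constructed stand-in for the client, used only for offline runs of this example.
fake_f2b() {
    case $1 in
        ping) echo "Server replied: pong" ;;
        status) cat <<'EOF'
Status for the jail: sshd
`- Actions
   |- Currently banned: 2
   `- Banned IP list:   203.0.113.7 198.51.100.23
EOF
            ;;
        set) LAST_UNBAN="$2 $4" ;;  # record jail and address for inspection
    esac
}
```

Source the file and call `safe_unban sshd 203.0.113.7`; setting `F2B_CMD=fake_f2b` first exercises the checks without a running server.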

COMMON COMMANDS

Some frequently used commands include:
status: Show status of all jails or a specific jail.
ban : Manually ban an IP address.
unban : Manually unban an IP address.
reload [JAIL]: Reload configuration for all jails or a specific jail.
stop: Stop the Fail2ban server daemon.
add : Add a new jail dynamically.
set : Set parameters for a jail.

SOCKET LOCATION

By default, fail2ban-client connects to the daemon via a Unix domain socket, usually located at /var/run/fail2ban/fail2ban.sock. If the socket path is different, it can be specified using the -s or --socket option.

HISTORY

Fail2ban was initially conceived to address brute-force attacks on services like SSH. Developed in Python, it emerged as an open-source project designed to automatically update firewall rules (like iptables) to ban IP addresses that exhibit malicious behavior, such as repeated login failures. The fail2ban-client component has been an integral part of the project since its early stages, providing the necessary interface for administrators to monitor and manage the daemon without directly manipulating its configuration files or firewall rules. Its development has mirrored the evolution of Fail2ban itself, focusing on robustness, extensibility, and ease of use in diverse server environments.

SEE ALSO

fail2ban(8), fail2ban-server(8), fail2ban-regex(1), jail.conf(5), jail.d(5), fail2ban.conf(5)
