This article wasn't updated in the last 3 ½ years. Please double check if the content is still up-to-date.
If you find any error, please send me a quick heads-up.
Tools such as fail2ban block IP addresses that they think are attacking the server. fail2ban blocks an IP address, for example, after a certain number of invalid login attempts.
However, sometimes you accidentally lock yourself out. In this case, access the server via a different IP (or the emergency console) and remove the IP from iptables:
Unblock fail2ban
You can take a look at a numbered list of blocked IPs:
iptables -L f2b-sshd -n -v --line-numbers
It may look like this:
Chain f2b-sshd (1 references)
num pkts bytes target prot opt in out source destination
1 18 2160 DROP all -- * * 192.168.0.1 0.0.0.0/0
2 54 5184 DROP all -- * * 192.168.0.2 0.0.0.0/0
You can now remove individual lines with the following command, where {i} is the line number from the num column:
iptables -D f2b-sshd {i}
Keep in mind: after you remove a line, the following lines move up, so the indexes change. So either remove from “the bottom up” (by descending line number) or recheck the list after every removal.
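
The bottom-up removal described above, as an added example that is not part of the original article: it finds every rule for one source IP and deletes them by descending line number. The function names and the sample listing are constructed for illustration; the chain name f2b-sshd is the one used on this page.

```shell
#!/bin/sh
# Added example (not from the original article).
CHAIN="${CHAIN:-f2b-sshd}"   # chain name as shown on this page

# Constructed sample of `iptables -L f2b-sshd -n -v --line-numbers` output.
SAMPLE='Chain f2b-sshd (1 references)
num pkts bytes target prot opt in out source destination
1 18 2160 DROP all -- * * 192.168.0.1 0.0.0.0/0
2 54 5184 DROP all -- * * 192.168.0.2 0.0.0.0/0
3 9 540 DROP all -- * * 192.168.0.10 0.0.0.0/0
4 7 420 DROP all -- * * 192.168.0.1 0.0.0.0/0'

# rule_numbers_for IP
# Reads a listing on stdin and prints the rule numbers whose source equals IP,
# highest first. With -v the source address is column 9. The comparison is an
# exact string match, so 192.168.0.1 does not also select 192.168.0.10.
rule_numbers_for() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $9 == ip { print $1 }' | sort -rn
}

# unblock IP
# Deletes every matching rule from the live chain, bottom up, so the numbers
# of the rules still to be deleted never shift. Needs root.
unblock() {
    for n in $(iptables -L "$CHAIN" -n -v --line-numbers | rule_numbers_for "$1"); do
        iptables -D "$CHAIN" "$n" || return 1
    done
}

# Dry run against the constructed sample: prints the deletion order.
printf '%s\n' "$SAMPLE" | rule_numbers_for 192.168.0.1
```

On the server, call `unblock 192.168.0.1` as root. fail2ban also keeps its own record of the ban, which `fail2ban-client set sshd unbanip 192.168.0.1` clears (the jail name sshd is assumed from the chain name).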