Unblock IP in iptables

servers Aug 30, 2020

If you use fail2ban or a similar tool, it blocks IP addresses that it thinks are attacking the server. fail2ban blocks an IP address, for example, after a certain number of invalid login attempts.

However, sometimes you accidentally lock yourself out. In this case, access the server via a different IP (or the emergency console) and remove the IP from iptables:

Unblock fail2ban

You can take a look at a numbered list of blocked IPs:

iptables -L f2b-sshd -n -v --line-numbers

It may look like this:

Chain f2b-sshd (1 references)
 num   pkts bytes target     prot opt in     out     source               destination        
 1       18  2160 DROP       all  --  *      *       192.168.0.1          0.0.0.0/0          
 2       54  5184 DROP       all  --  *      *       192.168.0.2          0.0.0.0/0 

You can now remove individual lines with the following command, where {i} is the line number from the "num" column:

iptables -D f2b-sshd {i}

Keep in mind: after you remove a line, the lines below it move up, so their numbers change. Either remove from "the bottom up" (by descending line number) or recheck the list after every removal.
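The bottom-up removal described above, as an added example that is not part of the original post: the script reads the listing, picks the rule numbers whose source column is exactly the given IP, and deletes them highest number first. The function names and the sample listing are constructed for illustration; `unblock_ip` assumes root and the `-n -v --line-numbers` output format shown above.

```shell
#!/bin/sh
# Added example (not from the original post).

# rules_for_ip IP
# Reads `iptables -L <chain> -n -v --line-numbers` output on stdin and
# prints the numbers of rules whose source equals IP, highest first.
rules_for_ip() {
    awk -v ip="$1" '
        # Rule lines start with a number; with -v the source is field 9.
        # Exact string match, so 192.168.0.1 does not match 192.168.0.10.
        $1 ~ /^[0-9]+$/ && $9 == ip { print $1 }
    ' | sort -rn
}

# unblock_ip CHAIN IP  (hypothetical wrapper; needs root and iptables)
# Deletes by descending line number so earlier deletions never shift
# the numbers of rules that are still to be removed.
unblock_ip() {
    chain=$1
    ip=$2
    for n in $(iptables -L "$chain" -n -v --line-numbers | rules_for_ip "$ip"); do
        iptables -D "$chain" "$n"
    done
}

# Constructed sample listing, used so the parsing can be tried offline.
sample_listing() {
    cat <<'EOF'
Chain f2b-sshd (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1       18  2160 DROP       all  --  *      *       192.168.0.1          0.0.0.0/0
2       54  5184 DROP       all  --  *      *       192.168.0.2          0.0.0.0/0
3        7   420 DROP       all  --  *      *       192.168.0.10         0.0.0.0/0
4        3   180 DROP       all  --  *      *       192.168.0.1          0.0.0.0/0
5      120  9000 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Offline demo: prints 4 then 1, the order in which to delete.
sample_listing | rules_for_ip 192.168.0.1
```

On the server, run `unblock_ip f2b-sshd 192.168.0.1` as root. fail2ban also has its own command for this, `fail2ban-client set sshd unbanip 192.168.0.1`, which updates fail2ban's own ban list as well (the jail name `sshd` is assumed from the chain name).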
