Scroll to navigation

FAIL2BAN-CLIENT(1) User Commands FAIL2BAN-CLIENT(1)

NAME

fail2ban-client - configure and control the server

SYNOPSIS

fail2ban-client [OPTIONS] <COMMAND>

DESCRIPTION

Fail2Ban v1.1.0 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules.

OPTIONS

configuration directory
socket path
pidfile path
name of the process (main thread) to identify instance (default fail2ban-server)
logging level
logging target, use file-name or stdout, stderr, syslog or sysout.

--syslogsocket auto|<FILE>

dump configuration. For debugging
dump the configuration using more human readable representation
test configuration (can be also specified with start parameters)
interactive mode
increase verbosity
decrease verbosity
force execution of the server (remove socket file)
start server in background (default)
start server in foreground
start server in async mode (for internal usage only, don't read configuration)
timeout to wait for the server (for internal usage only, don't read configuration)
convert time abbreviation format to seconds
display this help message
print the version (-V returns machine-readable short format)

COMMAND

BASIC
starts the server and the jails
restarts the server
restarts the jail <JAIL> (alias for 'reload --restart ... <JAIL>')
reloads the configuration without restarting of the server, the option '--restart' activates completely restarting of affected jails, thereby can unban IP addresses (if option '--unban' specified)
reloads the jail <JAIL>, or restarts it (if option '--restart' specified)
stops all jails and terminate the server
unbans all IP addresses (in all jails and database)
unbans <IP> (in all jails and database)
return jails with banned IPs as dictionary
return list(s) of jails where given IP(s) are banned
gets the current status of the server
gets the current status of all jails, with optional flavor or extended info
gets the current statistics of all jails as table
tests if the server is alive
for internal usage, returns back and outputs a given string
return this output
return the server version
LOGGING
sets logging level to <LEVEL>. Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5)
gets the logging level
sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG, SYSTEMD-JOURNAL or a file
gets logging target
sets the syslog socket path to auto or <SOCKET>. Only used if logtarget is SYSLOG
gets syslog socket path
flushes the logtarget if a file and reopens it. For log rotation.
DATABASE
set the location of fail2ban persistent datastore. Set to "None" to disable
get the location of fail2ban persistent datastore
sets the max number of matches stored in database per ticket
gets the max number of matches stored in database per ticket
sets the max age in <SECONDS> that history of bans will be kept
gets the max age in seconds that history of bans will be kept
JAIL CONTROL
creates <JAIL> using <BACKEND>
starts the jail <JAIL>
stops the jail <JAIL>. The jail is removed
gets the current status of <JAIL>, with optional flavor or extended info
JAIL CONFIGURATION
sets the idle state of <JAIL>
allows the ignoring of own IP addresses
adds <IP> to the ignore list of <JAIL>
removes <IP> from the ignore list of <JAIL>
sets ignorecommand of <JAIL>
sets ignorecache of <JAIL>
adds <FILE> to the monitoring list of <JAIL>, optionally starting at the 'tail' of the file (default 'head').
removes <FILE> from the monitoring list of <JAIL>
sets the <ENCODING> of the log files for <JAIL>
adds <MATCH> to the journal filter of <JAIL>
removes <MATCH> from the journal filter of <JAIL>
adds the regular expression <REGEX> which must match failures for <JAIL>
removes the regular expression at <INDEX> for failregex
adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>
removes the regular expression at <INDEX> for ignoreregex
sets the number of seconds <TIME> for which the filter will look back for <JAIL>
sets the number of seconds <TIME> a host will be banned for <JAIL>
sets the <PATTERN> used to match date/times for <JAIL>
sets the usedns mode for <JAIL>
manually notify about <IP> failure
manually Ban <IP> for <JAIL>
manually Unban <IP> in <JAIL>
sets the number of failures <RETRY> before banning the host for <JAIL>
sets the max number of matches stored in memory per ticket in <JAIL>
sets the number of <LINES> to buffer for regex search for <JAIL>
adds a new action named <ACT> for <JAIL>. Optionally for a Python based action, a <PYTHONFILE> and <JSONKWARGS> can be specified, else will be a Command Action
removes the action <ACT> from <JAIL>
COMMAND ACTION CONFIGURATION
sets the start command <CMD> of the action <ACT> for <JAIL>
action <ACT> for <JAIL>
sets the check command <CMD> of the action <ACT> for <JAIL>
sets the ban command <CMD> of the action <ACT> for <JAIL>
sets the unban command <CMD> of the action <ACT> for <JAIL>
sets <TIMEOUT> as the command timeout in seconds for the action <ACT> for <JAIL>
GENERAL ACTION CONFIGURATION
sets the <VALUE> of <PROPERTY> for the action <ACT> for <JAIL>
calls the <METHOD> with <JSONKWARGS> for the action <ACT> for <JAIL>
JAIL INFORMATION
return banned IPs of <JAIL>
return 1 if IP is banned in <JAIL> otherwise 0, or a list of 1/0 for multiple IPs
gets the list of the monitored files for <JAIL>
gets the encoding of the log files for <JAIL>
gets the journal filter match for <JAIL>
gets the current value of the ignoring the own IP addresses
gets the list of ignored IP addresses for <JAIL>
gets ignorecommand of <JAIL>
gets the list of regular expressions which matches the failures for <JAIL>
gets the list of regular expressions which matches patterns to ignore for <JAIL>
gets the time for which the filter will look back for failures for <JAIL>
gets the time a host is banned for <JAIL>
gets the pattern used to match date/times for <JAIL>
gets the usedns setting for <JAIL>
gets the list of of banned IP addresses for <JAIL>. Optionally the separator character ('<SEP>', default is space) or the option ' --with-time' (printing the times of ban) may be specified. The IPs are ordered by end of ban.
gets the number of failures allowed for <JAIL>
gets the max number of matches stored in memory per ticket in <JAIL>
gets the number of lines to buffer for <JAIL>
gets a list of actions for <JAIL>
COMMAND ACTION INFORMATION
gets the start command for the action <ACT> for <JAIL>
gets the stop command for the action <ACT> for <JAIL>
gets the check command for the action <ACT> for <JAIL>
gets the ban command for the action <ACT> for <JAIL>
gets the unban command for the action <ACT> for <JAIL>
gets the command timeout in seconds for the action <ACT> for <JAIL>
GENERAL ACTION INFORMATION
gets a list of properties for the action <ACT> for <JAIL>
gets a list of methods for the action <ACT> for <JAIL>
gets the value of <PROPERTY> for the action <ACT> for <JAIL>

FILES

/etc/fail2ban/*

REPORTING BUGS

Report bugs via Debian bug tracking system http://www.debian.org/Bugs/ .

SEE ALSO

fail2ban-server(1) jail.conf(5)

April 2024 Fail2Ban v1.1.0