Cara Melihat dan Membuka IP yang Terblock oleh IP Tables & Fail2ban

Kesempatan ini saya akan menulis panduan mengenai bagaimana meniadakan ip address yang terlanjur terblok oleh fail2ban.

Baik itu sebab gempuran / serangan atau sebab kita salah masukkan sandi seringkali.

Pada intinya fail2ban bekerja bersama dengan iptables untuk penutupan ip yang disangka menggempur / menyerang computer kita

Di bawah ini langkah serta commandnya langkah meniadakan ip itu dari iptables.

lakukan command ini untuk lihat semua rule di iptables, tekankan ada pada model root di terminal anda

$# iptables -L –line-number

Hasilnya tentu akan berbeda-beda. Punya saya seperti ini:

Chain INPUT (policy DROP)
num target prot opt source destination
1 f2b-sshd tcp — anywhere anywhere multiport dports ssh
2 fail2ban-VESTA tcp — anywhere anywhere tcp dpt:8083
3 fail2ban-MAIL tcp — anywhere anywhere multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
4 fail2ban-FTP tcp — anywhere anywhere tcp dpt:ftp
5 fail2ban-SSH tcp — anywhere anywhere tcp dpt:ssh
6 ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
7 ACCEPT all — sgv1.jogjapromo.com anywhere
8 ACCEPT all — localhost anywhere
9 ACCEPT tcp — anywhere anywhere tcp dpt:ssh
10 ACCEPT tcp — anywhere anywhere multiport dports http,https
11 ACCEPT tcp — anywhere anywhere multiport dports ftp,12000:12100
12 ACCEPT udp — anywhere anywhere udp dpt:domain
13 ACCEPT tcp — anywhere anywhere tcp dpt:domain
14 ACCEPT tcp — anywhere anywhere multiport dports smtp,urd,submission,2525
15 ACCEPT tcp — anywhere anywhere multiport dports pop3,pop3s
16 ACCEPT tcp — anywhere anywhere multiport dports imap2,imaps
17 ACCEPT tcp — anywhere anywhere multiport dports mysql,postgresql
18 ACCEPT tcp — anywhere anywhere tcp dpt:8083
19 ACCEPT icmp — anywhere anywhere

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain f2b-sshd (1 references)
num target prot opt source destination
1 REJECT all — 156.215.121.34.bc.googleusercontent.com anywhere reject-with icmp-port-unreachable
2 REJECT all — 191.232.234.0 anywhere reject-with icmp-port-unreachable
3 REJECT all — pool-37-83-126-181.telecel.com.py anywhere reject-with icmp-port-unreachable
4 REJECT all — ns506885.ip-198-27-82.net anywhere reject-with icmp-port-unreachable
5 REJECT all — host-195-223-211-242.business.telecomitalia.it anywhere reject-with icmp-port-unreachable
6 REJECT all — 302.ahorasoft.com anywhere reject-with icmp-port-unreachable
7 REJECT all — 150.136.81.55 anywhere reject-with icmp-port-unreachable
8 REJECT all — 198.199.125.87 anywhere reject-with icmp-port-unreachable
9 REJECT all — 46.30.19.175.adsl-pool.jlccptt.net.cn anywhere reject-with icmp-port-unreachable
10 REJECT all — 124.160.83.138 anywhere reject-with icmp-port-unreachable
11 REJECT all — cpe-66-68-187-140.austin.res.rr.com anywhere reject-with icmp-port-unreachable
12 REJECT all — 129.226.114.97 anywhere reject-with icmp-port-unreachable
13 REJECT all — mail.folloelektriske.no anywhere reject-with icmp-port-unreachable
14 REJECT all — host-156.215.195.50-static.tedata.net anywhere reject-with icmp-port-unreachable
15 REJECT all — 194.152.206.93 anywhere reject-with icmp-port-unreachable
16 REJECT all — bd07813c.virtua.com.br anywhere reject-with icmp-port-unreachable
17 RETURN all — anywhere anywhere
18 RETURN all — anywhere anywhere

Chain fail2ban-FTP (1 references)
num target prot opt source destination
1 RETURN all — anywhere anywhere

Chain fail2ban-MAIL (1 references)
num target prot opt source destination
1 REJECT all — 212.70.149.68 anywhere reject-with icmp-port-unreachable
2 REJECT all — 45.142.120.15 anywhere reject-with icmp-port-unreachable
3 REJECT all — 45.142.120.20 anywhere reject-with icmp-port-unreachable
4 RETURN all — anywhere anywhere

Chain fail2ban-SSH (1 references)
num target prot opt source destination
1 REJECT all — 156.215.121.34.bc.googleusercontent.com anywhere reject-with icmp-port-unreachable
2 REJECT all — 191.232.234.0 anywhere reject-with icmp-port-unreachable
3 REJECT all — pool-37-83-126-181.telecel.com.py anywhere reject-with icmp-port-unreachable
4 REJECT all — ns506885.ip-198-27-82.net anywhere reject-with icmp-port-unreachable
5 REJECT all — host-195-223-211-242.business.telecomitalia.it anywhere reject-with icmp-port-unreachable
6 REJECT all — 302.ahorasoft.com anywhere reject-with icmp-port-unreachable
7 REJECT all — 150.136.81.55 anywhere reject-with icmp-port-unreachable
8 REJECT all — 198.199.125.87 anywhere reject-with icmp-port-unreachable
9 REJECT all — 46.30.19.175.adsl-pool.jlccptt.net.cn anywhere reject-with icmp-port-unreachable
10 REJECT all — 124.160.83.138 anywhere reject-with icmp-port-unreachable
11 REJECT all — cpe-66-68-187-140.austin.res.rr.com anywhere reject-with icmp-port-unreachable
12 REJECT all — 129.226.114.97 anywhere reject-with icmp-port-unreachable
13 REJECT all — mail.folloelektriske.no anywhere reject-with icmp-port-unreachable
14 REJECT all — host-156.215.195.50-static.tedata.net anywhere reject-with icmp-port-unreachable
15 REJECT all — 194.152.206.93 anywhere reject-with icmp-port-unreachable
16 REJECT all — bd07813c.virtua.com.br anywhere reject-with icmp-port-unreachable
17 REJECT all — korematsu.tor-exit.calyxinstitute.org anywhere reject-with icmp-port-unreachable
18 RETURN all — anywhere anywhere

Chain fail2ban-VESTA (1 references)
num target prot opt source destination
1 RETURN all — anywhere anywhere

Nah Tampilan hasil punya saya seperti di atas.

Untuk menghapusnya misal saya ingin menghapus 129.226.114.97 chain fail2ban-SSH  maka perintahnya adalah:

# iptables -D fail2ban-SSH 12

maksud dari pada command diatas adalah bahwa kita akan memerintahkan iptables untuk menghapus ( -D ) rules di iptables dengan chain name ( fail2ban-SSH ) dengan urutan no ( 12 ).

Semoga dapat membantu.