Why fail2ban banned the IP in the first place?
Fail2ban watches your logs (SSH auth logs, nginx access logs, etc.) for patterns that look like brute-forcing or abuse — too many failed logins, too many requests in too short a window — and temporarily firewalls that IP out using iptables or nftables rules.
It's doing its job correctly most of the time; the annoying case is when you (or a legitimate crawler, or a colleague on a shared office IP) trip the same threshold by accident.
How to unblock an IP
- Find the jail name involved
- Confirm the IP address is indeed blocked
- Unblock the IP using the jail name and IP address
fail2ban-client status
nft list ruleset
fail2ban-client set <jail-name> unbanip <ip-address>
nft list ruleset
This will list the current firewall rules, and should display the IP address in a named set
fail2ban-client status
This will include output that lists the names of available jails. You need to identify the correct jail in order to unblock the IP
fail2ban-client set <jail-name> unbanip <ip-address>
If found, this will remove the block on the IP from the corresponding jail
Common problems
- It gets banned again a few minutes later. This means the underlying behavior that triggered the ban is still happening — unbanning doesn't fix the cause. Check what's making the repeated requests/logins (a misconfigured script, a monitoring tool polling too fast, a bot) and fix that, or you'll be back here again.
- unbanip says the IP isn't banned, but it's still blocked. Sometimes a ban was applied directly via iptables/nftables outside of fail2ban's own tracking (or a previous fail2ban version left stale rules behind). Check the raw firewall rules directly: iptables -L -n | grep <ip> or nft list ruleset | grep <ip>, and remove the rule manually if fail2ban doesn't recognize it.
- You want to make sure this never happens to your own IP again. Add a permanent allowlist entry in /etc/fail2ban/jail.local under ignoreip, e.g. ignoreip = 127.0.0.1/8 ::1 203.0.113.42, then restart fail2ban (systemctl restart fail2ban). This is worth doing proactively for your office/home IP and any legitimate services you rely on.