Howto ban IP with Fail2Ban manually by command line?


Solution 1

You ban him manually by adding his IP to the firewall. If you are using UFW, then you write something like this in your command line:

ufw insert 1 deny from <ip> to any

But you do not want to do that manually - the purpose of Fail2Ban is to ban someone automatically. Use this tutorial to configure Fail2Ban to automatically update your UFW rules. The importan part is to add banaction = ufw-SOMETHING to your jail.conf, and then create ufw-SOMETHING.conf in the /etc/fail2ban/action.d/ folder with the following content:

actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any

This will ban the IP completely for a predefined amount of time. If you want to ban him until next reboot, omit the actionunban command.

Solution 2

fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ

Check the jail where to add the IP using fail2ban-client status

Both commands may require to be executed as sudoer. In this case add a sudo before them.

Solution 3

Ban IP manually

fail2ban-client set jail_name banip xx.xx.xx.xx

Author by


Updated on July 09, 2022


  • udgru
    udgru over 1 year

    How do I ban an attacker IP with Fail2Ban manually by command line?

  • udgru
    udgru over 8 years
    I asked for Fail2Ban, sorry ;-) What are the differences between UFW and IPTables? Which one is better?
  • alesc
    alesc over 8 years
    This is for Fail2Ban - at least the second half of the post. Fail2Ban cannot ban the attacker on its own. It has to trigger a firewall rule in order to successfully ban an IP. Did you check the tutorial on the link that I have provided? And regarding iptables vs. ufw: UFW runs on top of iptables. So in both cases you are using iptables, UFW just simplifies your firewall setup (rules).
  • B. Shea
    B. Shea over 7 years
    Says: "with Fail2Ban .. by command line' not: 'with ufw firewall' via filter file. The fail2ban-client can add to your jails by IP as per other answers. Your answer just adds more confusion IMO for end-user. No reason to enter ufw commands into this. The default iptables action of 'reject-with icmp-port-unreachable' is just fine as well. You do highlight (some of) the versatility of fail2ban.. but that's about it.
  • B. Shea
    B. Shea over 7 years
    sudo iptables -nL - May help, too. Will give you a quick IP ban list (if using iptables) and show who is in each iptables jail.
  • Geoffrey
    Geoffrey over 4 years
    Works great but please stop telling people to use sudo everywhere, to anyone running a server where fail2ban is required it's blatantly obvious that root access is required to alter the firewall, and in some cases sudo isn't even available in some high security or embedded configurations.
  • symcbean
    symcbean almost 4 years
    "in some cases sudo isn't even available in some high security or embedded configurations" - I've worked with highly secure systems where sudo is the only way to get root - and the question was tagged as Ubuntu which does not allow direct access to the root account by default.
  • Sam Sirry
    Sam Sirry over 3 years
    Tip: To unban an address, use the same command with "unbanip" instead of "banip"
  • Altimus Prime
    Altimus Prime over 3 years
    What is -vvv for?
  • localsixosix
    localsixosix over 3 years
    @AltimusPrime increases verbosity of the output. It's much more verbose than -v
  • Gwyneth Llewelyn
    Gwyneth Llewelyn about 3 years
    Tip #2: You can now ban/unban multiple IPs, using fail2ban-client -vvv set JAIL banip A.B.C.D E.F.G.H.I J.K.L.M .... W.X.Y.Z
  • Alan Porter
    Alan Porter almost 3 years
    An aside for those arguing about the merits of specifying "sudo" before admin commands: if you're tired of prefixing every command with "sudo", and you'd like to just get a root shell like in the good old days, you can use "sudo -s" to get a local root shell or "sudo -i" to get a LOGIN root shell. Thanks for the fail2ban help.
  • fcm
    fcm almost 3 years
    fail2ban-client set sshd banip fail2ban-client set sshd unbanip
  • Jared Still
    Jared Still over 2 years
    While this works, it is only temporary. I have used it to ban an IP, and fail2ban then unbanned it later. How can an ip be permanently banned? By creating a new jail?
  • Jared Still
    Jared Still over 2 years
    Replying to my own earlier comment. The answer seems to be upgrading to fail2ban 11, as it deals with repeat offenders by incrementing the ban time.
  • Ahmed Shehab
    Ahmed Shehab over 2 years
    @JaredStill as far as I remember fail2ban by default uses sqilte database to keep track of these IPs and you need to configure the parameter actionstart to reapply the ip record from the db. check configuration documentation .
  • Waqas Khan
    Waqas Khan about 2 years
    also be careful with the above command, it reset my fail2ban and all trusted IPs were lost.