Home Explore Help
Sign In
demure
/
scripts
Watch 2
Star 2
Fork 1
Files Issues 0 Pull Requests 0 Wiki
Tree: 971d79ace9
Branches Tags
scripts
/
fail2ban_clear.sh

fail2ban_clear.sh 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. #!/bin/bash
    2. 

  2. 

  3. # Original script by Walter Heitman Jr, first published on http://blog.shanock.com
    4. 

  4. #
    5. 

  5. # Permission is hereby given to use, modify, or redistribute this code in any form or
    6. 

  6. # fashion for any purpose, private or commercial, so long as the credit comment is left intact.
    7. 

  7. 

  8. # Location of Fail2Ban sqlite database
    9. 

  9. DATABASE=/var/lib/fail2ban/fail2ban.sqlite3
    10. 

  10. 

  11. # iprables prefix for Fail2ban chains. Default is "fail2ban"
    12. 

  12. JAILPREFIX="f2b"
    13. 

  13. 

  14. # Get Jails. You can manually change this to a list of jails, as per the commented-out example
    15. 

  15. JAILS=$(fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,//g')
    16. 

  16. #JAILS="postfix-sasl sshd apache-auth"
    17. 

  17. 

  18. # See if user wants to force the unban via direct iptables command (i.e. fail2ban lost its database)
    19. 

  19. FORCE=0
    20. 

  20. while getopts "f" OPTION; do
    21. 

  21.         case $OPTION in
    22. 

  22.                 f)
    23. 

  23.                         FORCE=1
    24. 

  24.                         shift $(($OPTIND - 1))
    25. 

  25.                         ;;
    26. 

  26.         esac
    27. 

  27. done
    28. 

  28. 

  29. # Loop through each jail
    30. 

  30. for JAIL in $JAILS; do
    31. 

  31.     # Ask iptables and loop through each IP in the jail
    32. 

  32.     for IPADDRESS in $(iptables -L $JAILPREFIX-$JAIL -n | grep -Eo '([0-9]{1,3}\.){3}[1-9]{1,3}' | grep -v '0.0.0.0'); do
    33. 

  33.         # Check for parameters, which should be individual IPs to unban
    34. 

  34.         if [ $1 ]; then
    35. 

  35.             # Loop through parameters
    36. 

  36.             for UNBANTHIS in "$@"; do
    37. 

  37.                 # If match, unban it the "correct" way
    38. 

  38.                 if [ $UNBANTHIS == $IPADDRESS ]; then
    39. 

  39.                     fail2ban-client set $JAIL unbanip $IPADDRESS
    40. 

  40.                     # If force, make sure IP is unbanned via direct command to iptables
    41. 

  41.                     if [ $FORCE == 1 ]; then
    42. 

  42.                         /sbin/iptables -D $JAILPREFIX-$JAIL -s $IPADDRESS -j REJECT
    43. 

  43.                     fi
    44. 

  44.                 fi
    45. 

  45.             done
    46. 

  46.         else
    47. 

  47.             # If no parameters are specified, just unban everything we find
    48. 

  48.             fail2ban-client set $JAIL unbanip $IPADDRESS
    49. 

  49.         fi
    50. 

  50.     done
    51. 

  51. done
    52. 

  52. 

  53. # Force clear from fail2ban database
    54. 

  54. if [ $1 ]; then
    55. 

  55.     # Loop through parameters, clear each IP from all jails
    56. 

  56.     for UNBANTHIS in "$@"; do
    57. 

  57.         echo -e ".timeout 10000\ndelete from bans where ip = '$UNBANTHIS';" | sqlite3 -echo $DATABASE 
    58. 

  58.     done
    59. 

  59. else
    60. 

  60.     # If no parameters are specified, just purge the entire database
    61. 

  61.     echo -e ".timeout 10000\ndelete from bans;" | sqlite3 -echo $DATABASE
    62. 

  62.         if [ $FORCE == 1 ]; then
    63. 

  63. 

  64.         # If force, flush every iptables chain
    65. 

  65.         for JAIL in $JAILS; do
    66. 

  66.                 /sbin/iptables -F $JAILPREFIX-$JAIL 
    67. 

  67.         done
    68. 

  68.         fi
    69. 

  69. 

  70. fi
    71. 

  71.