FAIL2BAN-CLIENT(1) User Commands FAIL2BAN-CLIENT(1) NAME fail2ban-client - configure and control the server SYNOPSIS fail2ban-client [OPTIONS] DESCRIPTION Fail2Ban v1.1.0 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. OPTIONS -c, --conf configuration directory -s, --socket socket path -p, --pidfile pidfile path --pname name of the process (main thread) to identify instance (default fail2ban-server) --loglevel logging level --logtarget logging target, use file-name or stdout, stderr, syslog or sysout. --syslogsocket auto| -d dump configuration. For debugging --dp, --dump-pretty dump the configuration using more human readable representation -t, --test test configuration (can be also specified with start parameters) -i interactive mode -v increase verbosity -q decrease verbosity -x force execution of the server (remove socket file) -b start server in background (default) -f start server in foreground --async start server in async mode (for internal usage only, don't read configuration) --timeout timeout to wait for the server (for internal usage only, don't read configuration) --str2sec convert time abbreviation format to seconds -h, --help display this help message -V, --version print the version (-V returns machine-readable short format) COMMAND BASIC start starts the server and the jails restart restarts the server restart [--unban] [--if-exists] restarts the jail (alias for 'reload --restart ... ') reload [--restart] [--unban] [--all] reloads the configuration without restarting of the server, the option '--restart' activates completely restarting of affected jails, thereby can unban IP addresses (if option '--unban' specified) reload [--restart] [--unban] [--if-exists] reloads the jail , or restarts it (if option '--restart' specified) stop stops all jails and terminate the server unban --all unbans all IP addresses (in all jails and database) unban ... unbans (in all jails and database) banned return jails with banned IPs as dictionary banned ... ] return list(s) of jails where given IP(s) are banned status gets the current status of the server status --all [FLAVOR] gets the current status of all jails, with optional flavor or extended info stat[istic]s gets the current statistics of all jails as table ping tests if the server is alive echo for internal usage, returns back and outputs a given string help return this output version return the server version LOGGING set loglevel sets logging level to . Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5) get loglevel gets the logging level set logtarget sets logging target to . Can be STDOUT, STDERR, SYSLOG, SYSTEMD-JOURNAL or a file get logtarget gets logging target set syslogsocket auto| sets the syslog socket path to auto or . Only used if logtarget is SYSLOG get syslogsocket gets syslog socket path flushlogs flushes the logtarget if a file and reopens it. For log rotation. DATABASE set dbfile set the location of fail2ban persistent datastore. Set to "None" to disable get dbfile get the location of fail2ban persistent datastore set dbmaxmatches sets the max number of matches stored in database per ticket get dbmaxmatches gets the max number of matches stored in database per ticket set dbpurgeage sets the max age in that history of bans will be kept get dbpurgeage gets the max age in seconds that history of bans will be kept JAIL CONTROL add creates using start starts the jail stop stops the jail . The jail is removed status [FLAVOR] gets the current status of , with optional flavor or extended info JAIL CONFIGURATION set idle on|off sets the idle state of set ignoreself true|false allows the ignoring of own IP addresses set addignoreip adds to the ignore list of set delignoreip removes from the ignore list of set ignorecommand sets ignorecommand of set ignorecache sets ignorecache of set addlogpath ['tail'] adds to the monitoring list of , optionally starting at the 'tail' of the file (default 'head'). set dellogpath removes from the monitoring list of set logencoding sets the of the log files for set addjournalmatch adds to the journal filter of set deljournalmatch removes from the journal filter of set addfailregex adds the regular expression which must match failures for set delfailregex removes the regular expression at for failregex set addignoreregex adds the regular expression which should match pattern to exclude for set delignoreregex removes the regular expression at for ignoreregex set findtime sets the number of seconds for which the filter will look back for set bantime sets the number of seconds a host will be banned for set datepattern sets the used to match date/times for set usedns sets the usedns mode for set attempt [ ... ] manually notify about failure set banip ... manually Ban for set unbanip [--report-absent] ... manually Unban in set maxretry sets the number of failures before banning the host for set maxmatches sets the max number of matches stored in memory per ticket in set maxlines sets the number of to buffer for regex search for set addaction [ ] adds a new action named for . Optionally for a Python based action, a and can be specified, else will be a Command Action set delaction removes the action from COMMAND ACTION CONFIGURATION set action actionstart sets the start command of the action for set action actionstop sets the stop command of the action for set action actioncheck sets the check command of the action for set action actionban sets the ban command of the action for set action actionunban sets the unban command of the action for set action timeout sets as the command timeout in seconds for the action for GENERAL ACTION CONFIGURATION set action sets the of for the action for set action [ ] calls the with for the action for JAIL INFORMATION get banned return banned IPs of get banned ... ] return 1 if IP is banned in otherwise 0, or a list of 1/0 for multiple IPs get logpath gets the list of the monitored files for get logencoding gets the encoding of the log files for get journalmatch gets the journal filter match for get ignoreself gets the current value of the ignoring the own IP addresses get ignoreip gets the list of ignored IP addresses for get ignorecommand gets ignorecommand of get failregex gets the list of regular expressions which matches the failures for get ignoreregex gets the list of regular expressions which matches patterns to ignore for get findtime gets the time for which the filter will look back for failures for get bantime gets the time a host is banned for get datepattern gets the pattern used to match date/times for get usedns gets the usedns setting for get banip [|--with-time] gets the list of of banned IP addresses for . Optionally the separator character ('', default is space) or the option ' --with-time' (printing the times of ban) may be specified. The IPs are ordered by end of ban. get maxretry gets the number of failures allowed for get maxmatches gets the max number of matches stored in memory per ticket in get maxlines gets the number of lines to buffer for get actions gets a list of actions for COMMAND ACTION INFORMATION get action actionstart gets the start command for the action for get action actionstop gets the stop command for the action for get action actioncheck gets the check command for the action for get action actionban gets the ban command for the action for get action actionunban gets the unban command for the action for get action timeout gets the command timeout in seconds for the action for GENERAL ACTION INFORMATION get actionproperties gets a list of properties for the action for get actionmethods gets a list of methods for the action for get action gets the value of for the action for FILES /etc/fail2ban/* REPORTING BUGS Report bugs to https://github.com/fail2ban/fail2ban/issues SEE ALSO fail2ban-server(1) jail.conf(5) Fail2Ban v1.1.0 April 2024 FAIL2BAN-CLIENT(1)