How to Whitelist IP Addresses in fail2ban | ubuntu | RunCloud

How to whitelist IP in fail2Ban?

Fail2ban is an open-source intrusion prevention software that protects servers from brute-force attacks, password guessing, and other malicious activities by detecting and blocking suspicious traffic. It works by monitoring log files for patterns that indicate a security breach, and then takes action such as blocking the attacker's IP address.

However, there may be times when you want to whitelist certain IP addresses, allowing them to access your server even if they trigger a fail2ban ban. In this blog post, we will explore how to whitelist IP addresses in fail2ban.

Step 1: Locate the fail2ban configuration file

The first step is to locate the fail2ban configuration file. The location of the file can vary depending on the operating system and distribution you are using. For example, on Ubuntu, the file is located at /etc/fail2ban/jail.conf or /etc/fail2ban/jail.local(Please use this if you are a RunCloud user). On CentOS, the file is located at /etc/fail2ban/jail.conf.

Step 2: Open the fail2ban configuration file

Once you have located the fail2ban configuration file, you can open it with a text editor of your choice. For example, you can use the following command to open the file with nano:

sudo nano /etc/fail2ban/jail.conf

For this example, we have used a RunCloud server so it will have some filters added from their side.

Step 3: Add your IP addresses 

In the configuration file, find the [DEFAULT] section and find the following lines:

[DEFAULT] 
ignoreip = 127.0.0.1/8 your_ip_address

Replace your_ip_address with the IP address you want to whitelist. You can add multiple IP addresses by separating them with a space.

Once the value is updated it will look as above.

Step 4: Save and close the configuration file

Once you have made the changes to the fail2ban configuration file, save and close the file. If you have used nano as given in our example, the ctrl+x and type 'y' and press enter to save to same file.

Step 5: Restart the fail2ban service

To apply the changes, you need to restart the fail2ban service. You can use the following command to restart the service:

sudo service fail2ban restart

That's it! You have successfully whitelisted an IP address in fail2ban. The IP address you whitelisted will now be ignored by fail2ban and will not be blocked even if it triggers a fail2ban ban.

Conclusion

In conclusion, whitelisting IP addresses in fail2ban can be a useful way to allow trusted users or services to access your server, even if they trigger a fail2ban ban. By following the steps outlined in this article, you can easily create a new filter, configure the jail to use the filter, and whitelist the desired IP address. However, it is important to exercise caution when whitelisting IP addresses, as this can reduce the effectiveness of fail2ban in detecting and blocking malicious activity. It's essential to only whitelist IP addresses that you trust and have a legitimate need to access your server.