About Fail2ban IP blocking
Fail2ban is fantastic Linux security software that blocks IP addresses after multiple authentication failures on a Linux host. The beauty of this software is that hackers are locked out after a fixed number of attempts, and you can fine-tune the system extensively. Additionally, it supports a number of protocols, including sshd, postfix-sasl, dovecot, and many more.
Checking locked out IP addresses
Occasionally you may want to check the IPs that are blocked, for example, if a known client inadvertently repeatedly tried the wrong password.
To check which IPs have been blocked by the Fail2ban postfix-sasl jail, use the following command:
fail2ban-client status postfix-sasl
Sample output:
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 92763
|  `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned: 3
   |- Total banned: 12004
   `- Banned IP list: 103.231.139.55 103.231.139.149 103.231.139.142
To see which jails are active, use the following command:
[root@host ~]# fail2ban-client status
Sample output:
Status
|- Number of jail: 7
`- Jail list: dovecot, postfix, postfix-sasl, proftpd, ssh-ddos, sshd, webmin-auth
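Combining the two commands above answers the question this section started with: is a known client locked out, and by which jail? The script below is an added example, not part of the original article; F2B_CLIENT, the function names and the sample_client stand-in (which replays output constructed from the samples above) are assumptions of this example.

```shell
#!/bin/sh
# F2B_CLIENT (an assumption of this example) lets the client be swapped for a stub.
F2B_CLIENT=${F2B_CLIENT:-fail2ban-client}

# stdin: output of "fail2ban-client status"; stdout: one jail name per line.
parse_jails() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# stdin: output of "fail2ban-client status <jail>"; stdout: one banned IP per line.
parse_banned() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print every active jail whose ban list contains exactly the address in $1.
jails_banning() {
    ip=$1
    $F2B_CLIENT status </dev/null | parse_jails | while IFS= read -r jail; do
        # -F -x: literal whole-line match, so 103.231.139.5 never matches 103.231.139.55
        if $F2B_CLIENT status "$jail" </dev/null | parse_banned | grep -Fxq -- "$ip"; then
            printf '%s\n' "$jail"
        fi
    done
}

# Hypothetical stand-in for fail2ban-client; replays sample output constructed
# from the samples above (only postfix-sasl has bans).
sample_client() {
    if [ "$#" -eq 1 ]; then
        printf '%s\n' 'Status' '|- Number of jail: 7' \
            '`- Jail list: dovecot, postfix, postfix-sasl, proftpd, ssh-ddos, sshd, webmin-auth'
    elif [ "$2" = postfix-sasl ]; then
        printf '%s\n' "Status for the jail: $2" '`- Actions' '   |- Currently banned: 3' \
            '   `- Banned IP list: 103.231.139.55 103.231.139.149 103.231.139.142'
    else
        printf '%s\n' "Status for the jail: $2" '`- Actions' '   |- Currently banned: 0' \
            '   `- Banned IP list:'
    fi
}

# Query the live daemon only when an IP address is given as an argument.
if [ "$#" -ge 1 ]; then
    jails_banning "$1"
fi
```

Run as root with an IP address as the only argument, it prints one jail name per line for each jail that currently bans that address. Once the lockout is confirmed as a legitimate client, fail2ban-client set <jail> unbanip <ip> releases it.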
Reference:
https://www.the-lazy-dev.com/en/fail2ban-client-show-banned-ips/