#! /bin/bash # shellcheck source=../scripts/helper-functions.sh . /usr/local/bin/helper-functions.sh if ! IPTABLES_OUTPUT=$(iptables -L 2>&1) then echo "IPTables is not functioning correctly. The output of \`iptables -L\` was: ${IPTABLES_OUTPUT} Possible causes for this error are 1. Missing capabilities (you need CAP_NET_RAW & CAP_NET_ADMIN, see \`capsh --print\`) 2. Modifications caused by user-patches.sh 3. Host is configured incorrectly Aborting... " exit 1 fi function usage { echo "Usage: ${0} [ ]" ; } unset JAILS declare -a JAILS for LIST in $(fail2ban-client status | grep "Jail list" | cut -f2- | sed 's/,/ /g') do JAILS+=("${LIST}") done if [[ -z ${1} ]] then IP_COUNT=0 for JAIL in "${JAILS[@]}" do BANNED_IP="$(iptables -L "f2b-${JAIL}" -n 2>/dev/null | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v '0.0.0.0')" if [[ -n ${BANNED_IP} ]] then echo "Banned in ${JAIL}: ${BANNED_IP//$'\n'/, }" IP_COUNT=$(( IP_COUNT + 1 )) fi done if [[ ${IP_COUNT} -eq 0 ]] then echo "No IPs have been banned." fi else case ${1} in unban) shift if [[ -n ${1} ]] then for JAIL in "${JAILS[@]}" do RESULT="$(fail2ban-client set "${JAIL}" unbanip "${@}" 2>&1)" [[ "${RESULT}" != *"is not banned"* ]] && [[ "${RESULT}" != *"NOK"* ]] && echo -e "Unbanned IP from ${JAIL}: ${RESULT}" done else echo "You need to specify an IP address. Run './setup.sh debug fail2ban' to get a list of banned IP addresses." >&2 exit 0 fi ;; *) usage errex "unknown command: ${1}" ;; esac fi exit 0