Client banned based on IP?

Sounds like your on the right track now.

Can you whitelist an IP with fail2ban ?

Yes Im looking for now how to whitelist or unban, but also a question for me what was the reason of the ban…
I have done nothing special, I was just using the system as a regular user.

Solved now using the fail2ban-client as describen here

thanks to All for taking care !

Thank you @Rokasan

Your question prompted me to check my /var/log/nginx/error.log

All the connection attempt activity there gives me cause for concern.

I need to do a security audit review and investigate my need for a proxy

Hi All,

I have same problem, it’s for client, it will occur like every 2-3 days, the Client’s IP will be blocked for about 10 mins.

I can solve it with iptables -F to flush all the -A rules to make the system back to work. But it will occur again definitely.

I checked web.error.log, I noticed the worker keep exit and booting, I don’t know if this is normal?

I can flush the rules to remove the BAN or just wait a while, the ban will be released (Sometimes I didn’t do anything it will recover).

But it seems a bit annoying. I need to know what has caused the problem? How to avoid valid user IP banned by the f2b-NoNginxProxy?

Hi All,

Just now I tried to add my client IP and my IP into the white-list with the command fail2ban-client set JAIL_NAME addignoreip IP, to find your jail name, you can use command fail2ban-client status.

To get the white list you can use command: fail2ban-client get JAIL_NAME ignoreip


Please let me know if I’m doing right thing, many thanks!

If it helps you, I will be very happy!


Looks like the fail2ban still bans pos connected to the server on offline mode.

One of my clients IP was getting banned for some time, This was occurring everyday.
I have added the Static IP to the ignore list, will test it for few days and get back to this thread.

Thanks for the guide.

This is helpful.

I added the Static IP’s to the Whitelist but now one of the outlet dont have static IP anymore, So i had to stop fail2ban service.

is there any way to make it less strict?

You could tweak the config of fail2ban yourself as this is just a standard install. Frappe haven’t done anything specific with this. But obviously if you reduce the IP checks you run the risk of security problems with possible attacks

Otherwise you could use a DNS service like the free on your pos terminal so that you have a standard DNS hostname instead of an IP that you base fail2ban rules on even with the IP changing at times.

Yes I want thinking the same to put DDNS, As I read about it in some other thread, But will have to make it everywhere. WIll try this method also, As I am not comfortable to disable the fail2ban service.

Tweaking will not help as it is again making the server vulnerable just like disabling the service.

I will try the DDNS and check how it goes.

Yes using ddns isn’t perfect as it can take say up to 30s to change up on the hostname.

But if can work and may be your best solution


I was thinking how does the Fail2ban check the ip coming from the POS is from the same DDNS added to the ignore list??

I was searching through the fail2ban service page, but I couldnt find the answer to this. By Default it has a checik on domain name check ?

I’m not sure. But basically you are Chet only the hostname of course. The ddns does all the wot keeping track of the IP changes against the fixed hostname.


Yes Dear I am aware of that, As we have many DDNS for our clients But I was concerned about the fail2ban side as how it will verify the hostname it the ip address.

Anyways I have created a new DDNS Hostname and updated the IP with a update client now added this hostname to the fail2ban ignore list.

Lets see how accurate it can work.

Hi @fkardame, did the DDNS solve you blocking issue?

Yes, it works fine. I created DDNS for client outlets and added them to ignorelist in Fail2ban and since then it doesnt block those DDNS IP’s

1 Like

This is very helpful but it is removed once system is rebooted.

What can be done to keep the ignore ip always in the jail?

Can someone help?

@fkardame I faced this issue only 2 days ago and I resolved it by whitelisting my IP and adding ignoreip [my ip address] to jail.conf under the [default] section. I’ve rebooted my server twice since then and the ban hasn’t reoccurred.

Hi did you able to fix this issue?
Which method used.
Ddns and fail2ban?

Any permanent solution you found?

You can just add ignoreip in /etc/fail2ban/jail.conf


After that restart the fail2ban service

sudo systemctl restart fail2ban