.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. .TH FAIL2BAN-CLIENT "1" "April 2024" "Fail2Ban v1.1.1.dev1" "User Commands" .SH NAME fail2ban-client \- configure and control the server .SH SYNOPSIS .B fail2ban-client [\fI\,OPTIONS\/\fR] \fI\,\/\fR .SH DESCRIPTION Fail2Ban v1.1.1.dev1 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. .SH OPTIONS .TP \fB\-c\fR, \fB\-\-conf\fR configuration directory .TP \fB\-s\fR, \fB\-\-socket\fR socket path .TP \fB\-p\fR, \fB\-\-pidfile\fR pidfile path .TP \fB\-\-pname\fR name of the process (main thread) to identify instance (default fail2ban\-server) .TP \fB\-\-loglevel\fR logging level .TP \fB\-\-logtarget\fR logging target, use file\-name or stdout, stderr, syslog or sysout. .HP \fB\-\-syslogsocket\fR auto| .TP \fB\-d\fR dump configuration. For debugging .TP \fB\-\-dp\fR, \fB\-\-dump\-pretty\fR dump the configuration using more human readable representation .TP \fB\-t\fR, \fB\-\-test\fR test configuration (can be also specified with start parameters) .TP \fB\-i\fR interactive mode .TP \fB\-v\fR increase verbosity .TP \fB\-q\fR decrease verbosity .TP \fB\-x\fR force execution of the server (remove socket file) .TP \fB\-b\fR start server in background (default) .TP \fB\-f\fR start server in foreground .TP \fB\-\-async\fR start server in async mode (for internal usage only, don't read configuration) .TP \fB\-\-timeout\fR timeout to wait for the server (for internal usage only, don't read configuration) .TP \fB\-\-str2sec\fR convert time abbreviation format to seconds .TP \fB\-h\fR, \fB\-\-help\fR display this help message .TP \fB\-V\fR, \fB\-\-version\fR print the version (\fB\-V\fR returns machine\-readable short format) .SH COMMAND .IP BASIC .TP \fBstart\fR starts the server and the jails .TP \fBrestart\fR restarts the server .TP \fBrestart [\-\-unban] [\-\-if\-exists] \fR restarts the jail (alias for 'reload \fB\-\-restart\fR ... ') .TP \fBreload [\-\-restart] [\-\-unban] [\-\-all]\fR reloads the configuration without restarting of the server, the option '\-\-restart' activates completely restarting of affected jails, thereby can unban IP addresses (if option '\-\-unban' specified) .TP \fBreload [\-\-restart] [\-\-unban] [\-\-if\-exists] \fR reloads the jail , or restarts it (if option '\-\-restart' specified) .TP \fBstop\fR stops all jails and terminate the server .TP \fBunban \fB\-\-all\fR\fR unbans all IP addresses (in all jails and database) .TP \fBunban ... \fR unbans (in all jails and database) .TP \fBbanned\fR return jails with banned IPs as dictionary .TP \fBbanned ... ]\fR return list(s) of jails where given IP(s) are banned .TP \fBstatus\fR gets the current status of the server .TP \fBstatus \fB\-\-all\fR [FLAVOR]\fR gets the current status of all jails, with optional flavor or extended info .TP \fBstat[istic]s\fR gets the current statistics of all jails as table .TP \fBping\fR tests if the server is alive .TP \fBecho\fR for internal usage, returns back and outputs a given string .TP \fBhelp\fR return this output .TP \fBversion\fR return the server version .IP LOGGING .TP \fBset loglevel \fR sets logging level to . Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50\-5) .TP \fBget loglevel\fR gets the logging level .TP \fBset logtarget \fR sets logging target to . Can be STDOUT, STDERR, SYSLOG, SYSTEMD\-JOURNAL or a file .TP \fBget logtarget\fR gets logging target .TP \fBset syslogsocket auto|\fR sets the syslog socket path to auto or . Only used if logtarget is SYSLOG .TP \fBget syslogsocket\fR gets syslog socket path .TP \fBflushlogs\fR flushes the logtarget if a file and reopens it. For log rotation. .IP DATABASE .TP \fBset dbfile \fR set the location of fail2ban persistent datastore. Set to "None" to disable .TP \fBget dbfile\fR get the location of fail2ban persistent datastore .TP \fBset dbmaxmatches \fR sets the max number of matches stored in database per ticket .TP \fBget dbmaxmatches\fR gets the max number of matches stored in database per ticket .TP \fBset dbpurgeage \fR sets the max age in that history of bans will be kept .TP \fBget dbpurgeage\fR gets the max age in seconds that history of bans will be kept .IP JAIL CONTROL .TP \fBadd \fR creates using .TP \fBstart \fR starts the jail .TP \fBstop \fR stops the jail . The jail is removed .TP \fBstatus [FLAVOR]\fR gets the current status of , with optional flavor or extended info .IP JAIL CONFIGURATION .TP \fBset idle on|off\fR sets the idle state of .TP \fBset ignoreself true|false\fR allows the ignoring of own IP addresses .TP \fBset addignoreip \fR adds to the ignore list of .TP \fBset delignoreip \fR removes from the ignore list of .TP \fBset ignorecommand \fR sets ignorecommand of .TP \fBset ignorecache \fR sets ignorecache of .TP \fBset addlogpath ['tail']\fR adds to the monitoring list of , optionally starting at the 'tail' of the file (default \&'head'). .TP \fBset dellogpath \fR removes from the monitoring list of .TP \fBset logencoding \fR sets the of the log files for .TP \fBset addjournalmatch \fR adds to the journal filter of .TP \fBset deljournalmatch \fR removes from the journal filter of .TP \fBset addfailregex \fR adds the regular expression which must match failures for .TP \fBset delfailregex \fR removes the regular expression at for failregex .TP \fBset addignoreregex \fR adds the regular expression which should match pattern to exclude for .TP \fBset delignoreregex \fR removes the regular expression at for ignoreregex .TP \fBset findtime