Unban everyone from a specific jail

Question

I'm testing a jail configuration, and sometimes I need to release falsely banned IPs from that jail. So not a specific IP, not everyone from all jails, but everyone from a given jail.

• Closest I could find is get JAIL actionunban ACT, which requires me to specify an action, and feels like it's meant to be used for something else (also, what if I have multiple actions?).

• The docs mention the stop command:

  stop <JAIL> stops the jail <JAIL>. The jail is removed

  • But I'm not sure if it will remove the jail completely?
  • Plus it says nothing about unbanning the IPs.
  • And I don't really need to stop the jail, I need it running. If I run start <JAIL> right away, will it restore the bans?

• Some people also mention manually clearing the iptables rules, but that doesn't feel like the right way to handle this.

All I need is to reset the jail, i.e. release everyone from the jail as if they were never banned, and immediately move on. Feel like this should be easy, but googling since yesterday, and can't find an exact answer. Please help.

Answer 1

But I'm not sure if it will remove the jail completely?
If I run start right away, will it restore the bans?

Yes and yes. It will remove jail, so you need to start it again (use restart instead)...
but a start will cause a restore for the active bans. Newest version (>= 0.10) had an option --unban for that purposes.
In older versions you've to remove tickets from database for the jail before you'd start it.
Or unban the IPs with individually.

Plus it says nothing about unbanning the IPs.

Then maybe you've indeed an older version:

fail2ban-client --help; # excerpt with operations doing unban:
Fail2Ban v0.10.5
    restart [--unban] [--if-exists] <JAIL>
    reload [--restart] [--unban] [--if-exists] <JAIL>
    unban --all
    unban <IP> ... <IP>
    set <JAIL> unbanip [--report-absent] <IP> ... <IP>

See https://manpages.debian.org/buster/fail2ban/fail2ban-client.1.en.html for manual of 0.10.