How to whitelist IPs in Fail2Ban

Prevent trusted IP addresses from being banned by adding them to the Fail2Ban ignoreip whitelist.

How to whitelist IPs in Fail2Ban
Prerequisites
Step-by-Step: Whitelist IPs in Fail2Ban
How to Verify the Whitelist

How to whitelist IPs in Fail2Ban

Prevent trusted IP addresses from being banned by adding them to the Fail2Ban ignoreip whitelist.

Prerequisites

Fail2Ban installed and running.

Step-by-Step: Whitelist IPs in Fail2Ban

Edit /etc/fail2ban/jail.local and add trusted IPs to the ignoreip setting in the [DEFAULT] section. Fail2Ban accepts individual IPs, CIDR ranges, and hostnames:
```
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 203.0.113.10 198.51.100.0/24
```
Restart Fail2Ban to apply:
```
sudo systemctl restart fail2ban
```

How to Verify the Whitelist

Confirm the ignoreip setting is active:

sudo fail2ban-client get sshd ignoreip

The output lists all whitelisted IPs and ranges for the jail.