I’ve had a server for a while now that I usually don’t use for much. From time to time I tell myself that I should start using it for some personal projects, but I never really do. Until now…
About a week ago I decided to finally do something with it besides hosting buzu.me. From some time now I’ve had a small app to manage a side business of mine. I had it running on a local host on a laptop that I could take anywhere to manage my business, but at times that became a little problematic for numerous reasons, including pure laziness to turn the computer on, or not being able to register a payment because I didn’t have the laptop close when visiting friends who had happen to purchase something “on credit”.
Last Saturday while at the store, which by the way opens only on Saturdays in a farmers market of sorts, I decided to take the time to start setting up the server for my app, and in the process I locked my self out of it after failing to login a couple of times. I contacted support to ask them to remove my IP from the blacklist, and was able to log in again just to lock myself out again trying to ssh into the server instead of using the control panel. I asked support to again remove my IP address from the blacklist, and to resend my SSH login information. It turns out it was different from my control panel information.
Since, in the past, this has happened to me a couple of times, I decided to just learn how to remove my IP from the blacklist so that if I ever lock myself out again on a certain IP because of a mistype or something I could just connect to another network and log in correctly to remove my original IP from the blacklist. Given how my server blocks any IP after only 3 failed attempts, it is not really unthinkable that at some point I will need to clear my IP from the blacklist.
It turns out that using
iptables this is a really simple process:
- Find out the IP you want to clear out.
- Search the
iptablesfilter table for that IP to get the rule number.
- Delete that chain/rulenumber
You can find the IP address that you want to remove by connecting to that network and using any of the services out there to check your IP.
iptables for that IP you can do this in the console:
iptables -L --line-numbers | grep "22.214.171.124"
using your ip instead of 126.96.36.199. That will return the lines where that IP is found. Those are the lines you need to remove, but before doing that you will need to find out the chain where those lines are. For this you can just list all the rules for the filter table, and look for the lines you got before:
iptables -L --line-numbers
You do not have to look at all the rules one by one, but rather at the line number you got before in each of the chains. Once you find a line that matches, just look a few lines before. Right before the first line in the current sequence of lines you should see a line with no number that starts with “Chain ” and then it says the chain name. In my specific case searching for my IP in
iptables got me 2 results in DENYIN, and DENYOUT respectively.
Once you have this information all you have to do is delete those lines:
iptables -D DENYIN NNN
Where NNN is the line number you want to remove, and DENYIN is your chain name which may be different.
You should do this with care as it relates to the security of your server.
If you would like to learn more about
iptables you can read the manual: