Remote Commands

Execute fail2ban and system commands on managed servers directly from the Bloqd dashboard.

Overview

Remote commands allow administrators to:

Manage fail2ban jails (enable, disable, reload)
Ban/unban specific IPs
Deploy jail configurations
Check server status
Execute custom commands

How It Works

┌────────────┐     Command      ┌────────────┐     Execute     ┌────────────┐
│  Dashboard │────────────────►│   Bloqd    │────────────────►│   Agent    │
│   (User)   │                 │  (Queue)   │                 │  (Server)  │
└────────────┘                 └────────────┘                 └─────┬──────┘
                                                                    │
                                     ◄──────────────────────────────┘
                                          Result callback

User initiates command from dashboard
Bloqd queues command for target server
Agent polls for pending commands
Agent executes command locally
Agent reports result back to Bloqd
Dashboard shows command result

Command Types

fail2ban Commands

Command	Description	Example
`jail-status`	Get jail status	`fail2ban-client status sshd`
`jail-enable`	Enable a jail	`fail2ban-client start sshd`
`jail-disable`	Disable a jail	`fail2ban-client stop sshd`
`jail-reload`	Reload jail config	`fail2ban-client reload sshd`
`ban-ip`	Ban an IP	`fail2ban-client set sshd banip 1.2.3.4`
`unban-ip`	Unban an IP	`fail2ban-client set sshd unbanip 1.2.3.4`
`reload-all`	Reload fail2ban	`fail2ban-client reload`

Template Deployment

Command	Description
`deploy-template`	Write jail config and filter to server
`remove-template`	Remove jail config from server
`verify-template`	Check if template is correctly installed

System Commands

Command	Description
`service-status`	Check fail2ban service status
`service-restart`	Restart fail2ban service
`check-logs`	Retrieve recent fail2ban logs

Using Remote Commands

From Jail List

Go to Servers → Select a server
Navigate to Jails tab
Click the action menu (⋮) on any jail
Select action:
- Enable - Start the jail
- Disable - Stop the jail
- Reload - Reload configuration

From Ban List

Go to Bans page
Find a ban entry
Click Unban to remove the ban
Or click Ban on an IP to manually ban it

From Templates

Go to Templates page
Select a template
Click Deploy to Server
Choose target server(s)
Confirm deployment

Command Queue

Commands are queued and executed asynchronously.

Queue Status

View pending commands:

Go to Servers → Select server
Click Command History tab
See pending, running, and completed commands

Command States

State	Description
`pending`	Waiting for agent to pick up
`running`	Agent is executing
`completed`	Successfully executed
`failed`	Execution failed
`timeout`	Agent didn't respond in time

Timeout Handling

Default timeout: 60 seconds
If agent doesn't respond, command marked as timeout
Timed out commands can be retried

Security

Permission Requirements

Remote commands require appropriate permissions:

Role	Allowed Commands
Viewer	None
Operator	ban-ip, unban-ip, jail-status
Admin	All commands

Command Validation

All commands are validated before execution:

Only whitelisted commands allowed
Parameters sanitized
IP addresses validated
Jail names checked against known jails

Audit Logging

All commands are logged:

Who initiated the command
What command was executed
When it was executed
Result of execution

API Usage

Execute Command

curl -X POST "https://bloqd.example.com/api/v1/servers/{serverId}/commands" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "command": "ban-ip",
    "params": {
      "jail": "sshd",
      "ip": "192.168.1.100"
    }
  }'

Check Command Status

curl "https://bloqd.example.com/api/v1/commands/{commandId}" \
  -H "Authorization: Bearer YOUR_API_KEY"

List Command History

curl "https://bloqd.example.com/api/v1/servers/{serverId}/commands" \
  -H "Authorization: Bearer YOUR_API_KEY"

Batch Commands

Execute same command on multiple servers:

Go to Servers page
Select multiple servers (checkbox)
Click Batch Actions
Choose command
Confirm execution

Via API

curl -X POST "https://bloqd.example.com/api/v1/commands/batch" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "serverIds": ["server1-uuid", "server2-uuid"],
    "command": "reload-all"
  }'

Troubleshooting

Command Stuck in Pending

Check agent is running on target server
Verify agent can reach Bloqd API
Check agent logs for errors

Command Failed

View error message in command details
Check agent logs for full error
Verify permissions on target server
Ensure fail2ban is installed and running

Permission Denied

Verify your user role allows the command
Check API key has sufficient permissions
Contact admin to upgrade permissions

Best Practices

Use templates - Deploy tested configurations
Review before executing - Especially for batch commands
Monitor results - Check command completed successfully
Use appropriate roles - Don't give admin access unnecessarily
Test on one server first - Before batch deployment

Overview​

How It Works​

Command Types​

fail2ban Commands​

Template Deployment​

System Commands​

Using Remote Commands​

From Jail List​

From Ban List​

From Templates​

Command Queue​

Queue Status​

Command States​

Timeout Handling​

Security​

Permission Requirements​

Command Validation​

Audit Logging​

API Usage​

Execute Command​

Check Command Status​

List Command History​

Batch Commands​

Via API​

Troubleshooting​

Command Stuck in Pending​

Command Failed​

Permission Denied​

Best Practices​