The ipfire refused to remove it from the list of blocked hosts. Logging in with ssh and checking /var/log/messages, I found this:
So I had to disable the IP in the ignore list, remove it from the blocked list, then re-enable it in the ignore list.Nov 20 17:13:51 ipfire guardian: <info> Ignoring event for <IP-ADDRESS>, because it is part of the ignore list.
Is this deliberate behaviour or a bug? I had assumed that the ignore list was meant to apply to IDS events, not to user requests!