Rather than use fail2ban for this, I would create an ipset that
fail2ban can populate, then use that ipset in iptables.

I agree, but:

One advantage of this is that you can add/delete IPs from the ipset
without having to restart fail2ban/iptables.


fail2ban allows you to 'unban' an IP address as well:

   > man fail2ban-client
   set <JAIL> unbanip <IP>
       manually Unban <IP> in <JAIL>


