Hi,
if a filter for a service detects a event the action changes the firewall
status as expected. During the configured ban time I get further events and
would like that the ban interval is renewed / shifted forward instead the
fail2ban system actually waits until the ban time is over and runs a unban
action. After this immediatly the service is banned again. I don't want
that kind of flipping.
I understand that this is not the case usually, because the close of the
firewall avoids new events coming in.
In my special case I use fail2ban in the inverse sense. As long as I get a
special event in a given interval again and again the firewall should be
kept open and if no event is detect longer as the "ban" interval the
firewall is closed again.
It would be great to get some hints where/how I could patch fail2ban to
achieve this goal.
Cheers
Martin
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
