From man ipset:
timeout value
parameter when creating a set and adding entries. The value of the timeout parameter for the create command means the default timeout value (in seconds) for new entries. If a set is created with timeout support, then the same timeout option can be used to specify non-default timeout values when adding entries. Zero timeout value means the entry is added permanent to the set. The timeout value of already added elements can be changed by readding the element using the -exist option.
From /etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf:
actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
              iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
.
.
actionban = ipset add fail2ban-<name> <ip> timeout <bantime> -exist
.
.
bantime = 600
The bantime here merely sets the time if no time is given in the action command. The jail:
action = iptables-ipset-proto6-allports[name=zimbra-recipient]
does not send the bantime, so the default is taken. You should use:
action = iptables-ipset-proto6-allports[name=zimbra-recipient, bantime=604800]
HTH,
Bill
On 1/19/2015 9:37 PM, [email protected] wrote:
apparently this is the way you have to do it in the jail.local
action = iptables-ipset-proto6-allports[name=zimbra-recipient, bantime=604800]
Otherwise the action ignores the fail2ban 'bantime = X' value
If I do that and restart you now get
ipset -L fail2ban-zimbra-recipient
Name: fail2ban-zimbra-recipient
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Size in memory: 16504
References: 1
Members:
Notice the timeout = 604800
Header: family inet hashsize 1024 maxelem 65536 timeout 604800
not = 600 like before
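
Added example, not part of the original messages and not fail2ban's own code: a shell check that compares the bantime a jail's action actually passes with the default timeout in the `ipset -L` header, flagging the case from this thread where the action passes none. The function names and the sample jail and header text are constructed for illustration.

```shell
#!/bin/sh
# Default timeout from the "Header:" line of `ipset -L <set>` output on stdin.
ipset_default_timeout() {
    awk '/^Header:/ { for (i = 2; i < NF; i++) if ($i == "timeout") { print $(i + 1); exit } }'
}

# bantime=... passed in the action[...] arguments whose name= equals $1.
# Jail config on stdin; the bracket list may wrap across lines.
action_bantime() {
    awk -v name="$1" '
        { text = text " " $0 }
        END {
            while (match(text, /\[[^]]*\]/)) {
                args = substr(text, RSTART + 1, RLENGTH - 2)
                text = substr(text, RSTART + RLENGTH)
                n = split(args, kv, ",")
                found = 0; ban = ""
                for (i = 1; i <= n; i++) {
                    gsub(/[ \t]/, "", kv[i])
                    if (kv[i] == "name=" name) found = 1
                    if (kv[i] ~ /^bantime=/) ban = substr(kv[i], 9)
                }
                if (found) { print ban; exit }
            }
        }'
}

# $1 = action name, $2 = jail config text, $3 = `ipset -L` text.
# Returns 0 on match, 1 on mismatch, 2 when the action passes no bantime.
check_ban_timeout() {
    want=$(printf '%s\n' "$2" | action_bantime "$1")
    have=$(printf '%s\n' "$3" | ipset_default_timeout)
    if [ -z "$want" ]; then
        echo "fail2ban-$1: action passes no bantime, set timeout is ${have:-unset}"
        return 2
    fi
    [ "$want" = "$have" ] && { echo "fail2ban-$1: ok ($have s)"; return 0; }
    echo "fail2ban-$1: action bantime $want s, set timeout ${have:-unset} s"
    return 1
}

# Constructed sample input, modelled on the jail lines and set header in the thread.
JAIL_BAD='[zimbra-recipient]
bantime = 604800
action = iptables-ipset-proto6-allports[name=zimbra-recipient]'
JAIL_OK='[zimbra-recipient]
action = iptables-ipset-proto6-allports[name=zimbra-recipient,
         bantime=604800]'
SET_600='Header: family inet hashsize 1024 maxelem 65536 timeout 600'
SET_WEEK='Header: family inet hashsize 1024 maxelem 65536 timeout 604800'
check_ban_timeout zimbra-recipient "$JAIL_BAD" "$SET_600"
check_ban_timeout zimbra-recipient "$JAIL_OK" "$SET_WEEK"
```

On a live host, replace the sample strings with the contents of jail.local and the output of `ipset -L fail2ban-<name>`.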
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users