Re: [Fail2ban-users] fail2ban not rescanning logs & readding hits on f2b restart. what config did I miss here?

Tue, 27 Jan 2015 13:54:08 -0800 

If I understand it:
bantime in a jail is the number of seconds before fail2ban issues the unban 
action.
bantime in an action just fills in anything that is missing on the call to the 
action;  same as port, protocol, etc.

jail.local
[my_ssh]
.
action         = my_ipset_ipport[name=TestIpPort]



my_ipset_ipport:
.
[Definition]
.
.
actionban = ipset add fail2ban-<name> <ip>,<protocol>:<port> timeout <bantime> 
-exist

[Init]
name = IpPort
port = ssh
protocol = tcp
bantime = 3600

Since the jail action call does not supply <port>, <protocol>, or <bantime>; 
the action [Init] section values are used.

HTH,
Bill

On 1/21/2015 8:05 PM, Lee Clemens wrote:
My point regarding this is that I am still unclear why the action overrides the bantime - why not use the bantime defined by the jail's configuration? 

On 01/21/2015 04:54 AM, Bill Shirley wrote:

<snip>

The bantime here merely sets the time if no time is given in the action 
command.  The jail:
action = iptables-ipset-proto6-allports[name=zimbra-recipient]
does not send the bantime to the default it taken.  You should use:
action = iptables-ipset-proto6-allports[name=zimbra-recipient, bantime=604800]

HTH,
Bill

On 1/19/2015 9:37 PM, [email protected] wrote:
<snip>




------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users



------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to