>
>
> > Ah ok I see why it's putting all this ERROR stuff in the log now. I
> know it's minor but is it possible to clean this up in the future? I know
> this might be a painful change but maybe instead of using the return code,
> how about defining that ignore commands should return a number say 0 or 1.
>
> They do return a 0 or 1, that's pretty standard (well, 0 and non-zero
> return codes, anyway).
>
> What if there is an error while executing the ignorecommand (not the
> intentional non-zero, but an actual error), shouldn't that get logged? I
> see your point, but given the construct of the existing framework for
> `ignorecommand`, what do you have in mind?
>
> >
>
Here is what I had in mind in case you missed it:
> > Or here's another possible idea: Instead of an ignorecommand, what about
> a postfilter command which is given arguments like the ignorecomand but
> returns a list of addresses or address/masks to ban, one per line? This
> way, it could return nothing and have the same effect as the
> ignorecommand. It could also return multiple addresses if it wanted to
> (for example the corresponding a net block of ipv4 addresses or an ip6
> address block...nudge nudge). This would get around overloading the error
> code for ignorecommand and allow you to return a true error if the
> postfilter command really failed.
>
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
