On Wed, Jul 22, 2015 at 01:08:43PM +0000, Rodrigo Abrantes Antunes wrote:
> Hi, where does fail2ban store the current banned IPs and the amount of
> time left to unban them? How many banned IPs at the same time can fail2ban
> handle? What's the recommended size of the logs that fail2ban analyzes?
>
> I'm having about 1000 IPs banned and when I restart fail2ban the server
> stops responding and I have to force reboot. In the logs I saw that it was
> unbanning IP by IP. I tried flushing the tables via iptables but it still
> tries to unban IP by IP.
I suspect the issue here is the extensible nature of fail2ban. The core of fail2ban doesn't actually know how to ban and unban IPs; all it does is call an "action" for each ban/unban. That action could be calling iptables or ufw, it could be controlling the local firewall or one on a remote machine. So, at the moment, all that fail2ban can do is to spawn that script multiple times, once for each IP.

I suppose it might be nice to have "setup"/"flush" actions (in addition to "ban" and "unban") which, if set, add and remove IPs in bulk from the firewall.

What I'm thinking is that, where a firewall system supports bulk banning/unbanning, a different action can be called when the jail is started or stopped (respectively), but when the "setup" or "flush" action isn't set (because the system doesn't support that), then it falls back to banning/unbanning individual IPs.
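As an added illustration of the "setup"/"flush" idea in the reply above (this is not the reply author's code and not a file from the fail2ban project; the set name `f2b-<name>`, the `DROP` target, the chain `INPUT` and the exact `ipset`/`iptables` command lines are assumptions made here), the following is a fail2ban action file in the `action.d/*.conf` format that moves the bulk work into the jail's start and stop steps by keeping banned addresses in a kernel ipset rather than as one iptables rule per address. The per-address `actionban`/`actionunban` entries stay, because that is the only interface fail2ban's core calls for each event, but each becomes a single set update, and the stop step removes the whole set at once.

```ini
# Added example: an ipset-backed fail2ban action (action.d/*.conf format).
# Assumed: fail2ban's actionstart/actionstop/actioncheck/actionban/actionunban
# keys and the <name>, <ip>, <chain>, <bantime> tags; the set name f2b-<name>,
# the DROP target and chain INPUT are choices made here, not values from the thread.
[Definition]

# Jail start ("setup"): create one kernel set and a single iptables rule that
# matches against it, instead of one iptables rule per banned address.
actionstart = ipset create f2b-<name> hash:ip timeout <bantime> -exist
              iptables -I <chain> -m set --match-set f2b-<name> src -j DROP

# Jail stop ("flush"): remove the rule, then empty and destroy the set in bulk;
# the kernel discards every entry without a per-address command.
actionstop = iptables -D <chain> -m set --match-set f2b-<name> src -j DROP
             ipset flush f2b-<name>
             ipset destroy f2b-<name>

# Health check fail2ban runs before banning: is the rule still in the chain?
actioncheck = iptables -n -L <chain> | grep -q 'match-set f2b-<name> src'

# Per-event steps still exist, but each is one set update rather than an
# iptables rule insertion/deletion; -exist makes them idempotent, and the
# entry timeout lets the kernel expire the ban even if fail2ban never unbans it.
actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
actionunban = ipset del f2b-<name> <ip> -exist

[Init]
# iptables chain the set-matching rule is inserted into
chain = INPUT
# default entry timeout in seconds when the jail does not pass its own bantime
bantime = 600
```

Note what this does and does not change: fail2ban's core still invokes `actionunban` once per banned address when a jail is stopped (the "unbanning IP by IP" the original poster saw in the logs), so the number of action invocations is the same. The difference is the cost of each one: an `ipset del` is a small hash-table update, whereas deleting one iptables rule among a thousand means rewriting the whole ruleset, and the final `ipset destroy` takes the remaining entries out in one operation.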
Fail2ban-users mailing list: https://lists.sourceforge.net/lists/listinfo/fail2ban-users
