Hi,

The action file is bsd-ipfw.conf. I haven’t changed it at all. I think I’m going to use some manual intervention. I might build my own RBL!

From: Harrison Johnson [mailto:[email protected]]
Sent: 14 August 2015 22:18
To: [email protected]
Subject: Re: [Fail2ban-users] Fail2ban and ddos over 86 lines per second.

Try setting max retry to 1. I don't know what happens if you set it to 0; I have never tried it.

I just took a quick look at the man page for ipfw. I don't think my iptables experience will be much help, but I'll give it a try. If you are seeing "found" in your log files, the filter is most likely correct, so what is in the action file for that jail?

On Fri, 2015-08-14 at 14:32 +0000, Richard Mealing wrote:

Hi,

I’m running a busy mail server using freebsd and we are seeing about 90 lines per second in my sendmail logs. I’ve tried using maxretry = 0 but in the fail2ban logs I see lots of ‘found’ but not much ‘ban’ going on.

I’m using findtime 60 and bantime 604800 just to try and get fail2ban to ban things, but not much is changing. I tried findtime 3600 also but I’m still seeing lots of ‘Found’. Why does it not just ‘Ban’?

I’m using a few things for ddos in sendmail, to prevent such attacks.

I don’t know if it matters, but my bsd-ipfw.conf action suggests this –

    startstatefile = /var/run/fail2ban/ipfw-started-table_<table>

But I have no such file –

    ls -l /var/run/fail2ban/
    total 2
    -rw------- 1 root wheel 6 Aug 14 15:06 fail2ban.pid
    srwx------ 1 root wheel 0 Aug 14 15:06 fail2ban.sock

Should I have?

Could someone tell me what I should use to mitigate this issue and start banning properly? I was thinking about playing with maxlines next..

Also I’m using gamin as backend, as auto doesn’t seem to ban more than 4k addresses. With gamin I get about 10k, but then my maillog is still streaming down with incoming connections and I stop getting the ‘Ban’ notice logs and just get INFO ‘Found’ logs.

Any pointers welcome.

Thanks,
Rich

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
