Still some doubts..
1- But how does fail2ban know which IPs it needs to unban? Does it store them in a
temporary file?
2- And how can I view the time left to unban an IP?
3- How many banned IPs can fail2ban handle at the same time without slowing
down the system?
4- What's the recommended size of the logs that fail2ban analyzes (syslog,
kern.log, etc.)? I think if the file is too big it can slow down fail2ban,
right?
Many questions, sorry..

Quoting Darac Marjal <[email protected]>:
On Wed, Jul 22, 2015 at 01:08:43PM +0000, Rodrigo Abrantes Antunes wrote:
Hi, where does fail2ban store the current banned IPs and the amount of
time left to unban them? How many banned IPs at the same time can fail2ban
handle? What's the recommended size of the logs that fail2ban analyzes?
I have about 1000 IPs banned and when I restart fail2ban the server
stops responding and I have to force reboot. In the logs I saw that it was
unbanning IP by IP. I tried to flush the tables via iptables but it still
tries to unban IP by IP.

I suspect the issue here is the extensible nature of fail2ban. The core
of fail2ban doesn't actually know how to ban and unban IPs; all it does
is call an "action" for each ban/unban. That action could be calling
iptables or ufw, it could be controlling the local firewall or one on a
remote machine. So, at the moment, all that fail2ban can do is to spawn
that script multiple times, once for each IP.
I suppose it might be nice to have "setup"/"flush" actions (in addition
to "ban" and "unban") which, if set, add and remove IPs in bulk from the
firewall. What I'm thinking is that, where a firewall system supports
bulk banning/unbanning, a different action can be called when the jail
is started or stopped (respectively), but when the "setup" or "flush"
action isn't set (because the system doesn't support that), then it falls
back to banning/unbanning individual IPs.
--
Rodrigo Abrantes Antunes
Instituto Federal Sul-rio-grandense
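
The fallback proposed in the quoted reply above, sketched as an added example (not part of the original messages and not fail2ban's own code). The "flush" key, the function names and the command templates are assumptions for illustration; commands are only built as strings, never executed.

```python
import ipaddress

# Constructed action templates using fail2ban-style <name>/<ip> tags.
PER_IP_ONLY = {
    "ban": "iptables -I fail2ban-<name> 1 -s <ip> -j DROP",
    "unban": "iptables -D fail2ban-<name> -s <ip> -j DROP",
}
# Same action plus the proposed optional bulk hook (hypothetical "flush" key).
WITH_FLUSH = dict(PER_IP_ONLY, flush="iptables -F fail2ban-<name>")


def render(template, **tags):
    """Substitute <tag> placeholders in an action command template."""
    if "ip" in tags:
        # Reject anything that is not a literal address before it reaches
        # a command line (raises ValueError on bad input).
        tags["ip"] = str(ipaddress.ip_address(tags["ip"]))
    for key, value in tags.items():
        template = template.replace(f"<{key}>", value)
    return template


def stop_jail(name, banned_ips, action):
    """Return the commands a jail stop would spawn.

    If the action defines "flush", one bulk command clears every ban;
    otherwise fall back to one "unban" command per banned IP.
    """
    if "flush" in action:
        return [render(action["flush"], name=name)]
    return [render(action["unban"], name=name, ip=ip) for ip in banned_ips]


# Constructed sample: 1000 banned addresses in a private range.
BANNED = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)]

if __name__ == "__main__":
    for label, action in (("per-IP", PER_IP_ONLY), ("flush", WITH_FLUSH)):
        cmds = stop_jail("ssh", BANNED, action)
        print(f"{label}: {len(cmds)} process spawn(s), first: {cmds[0]}")
```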