I don't know if you missed it but there has been a similar thread recently: http://sourceforge.net/p/fail2ban/mailman/fail2ban-users/thread/5613A88B.1080306%40castlehillcc.co.za/#msg34518311
It suggested just flushing the chain when f2b stopped rather than unbanning IP address by IP address. There is also a very neat method using ipset which is faster to add IPs to and can also expire IP addresses automatically.

Nick

On 2015-10-27 10:59, Rodrigo Abrantes Antunes wrote:
> Still some doubts..
>
> 1- But how does fail2ban know which ips it needs to unban, does it store them in a temporary file?
>
> 2- And how can I view the time left to unban an IP?
>
> 3- How many banned ips at the same time can fail2ban handle without slowing down the system?
>
> 4- What's the recommended size of the logs that fail2ban analyzes (syslog, kern.log, etc)? I think if the file is too big it can slow down fail2ban, right?
>
> Many questions, sorry..
>
> Quoting Darac Marjal <[email protected]>:
>
>> On Wed, Jul 22, 2015 at 01:08:43PM +0000, Rodrigo Abrantes Antunes wrote:
>>
>>> Hi, where does fail2ban store the current banned ips and the amount of time left to unban them? How many banned ips at the same time can fail2ban handle? What's the recommended size of the logs that fail2ban analyzes?
>>>
>>> I'm having about 1000 ips banned and when I restart fail2ban the server stops responding and I have to force reboot. In the logs I saw that it was unbanning ip by ip. I tried flushing the tables via iptables but it still tries to unban ip by ip.
>>
>> I suspect the issue here is the extensible nature of fail2ban. The core of fail2ban doesn't actually know how to ban and unban IPs; all it does is call an "action" for each ban/unban. That action could be calling iptables or ufw, it could be controlling the local firewall or one on a remote machine. So, at the moment, all that fail2ban can do is to spawn that script multiple times, once for each IP.
>>
>> I suppose it might be nice to have "setup"/"flush" actions (in addition to "ban" and "unban") which, if set, add and remove IPs in bulk from the firewall. What I'm thinking is that, where a firewall system supports bulk banning/unbanning, a different action can be called when the jail is started or stopped (respectively), but when the "setup" or "flush" action isn't set (because the system doesn't support that), then it falls back to banning/unbanning individual IPs.
>
> Rodrigo Abrantes Antunes
> Instituto Federal Sul-rio-grandense
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
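An action file in the shape Darac describes, combined with Nick's ipset suggestion, added here as an illustration rather than taken from the fail2ban project's own action.d files: the jail's addresses live in one ipset, so stopping the jail flushes the whole set with one command instead of running an unban per IP, and ipset's own timeout expires entries without any unban call at all. Assumed: ipset and iptables are installed, the jail's bantime is not -1 (ipset needs a non-negative timeout; 0 means no expiry), and the standard fail2ban action tags `<name>`, `<ip>`, `<bantime>` and `<chain>` are available.

```ini
# /etc/fail2ban/action.d/ipset-flush.conf  (constructed example, not shipped by fail2ban)
[Definition]
# Run once when the jail starts ("setup"): create the set and hook it into the chain.
# -exist makes a restart after an unclean stop harmless.
actionstart = ipset create f2b-<name> hash:ip timeout <bantime> -exist
              iptables -I <chain> -m set --match-set f2b-<name> src -j REJECT --reject-with icmp-port-unreachable

# Run once when the jail stops ("flush"): unhook the set, empty it, destroy it.
# Three commands regardless of how many addresses are banned; no per-IP unban loop.
actionstop = iptables -D <chain> -m set --match-set f2b-<name> src -j REJECT --reject-with icmp-port-unreachable
             ipset flush f2b-<name>
             ipset destroy f2b-<name>

# fail2ban runs this before each ban; if it fails, actionstart is run again.
actioncheck = ipset list f2b-<name> >/dev/null

# Per-IP ban: the kernel drops the entry itself after <bantime> seconds,
# so a ban that simply expires costs no unban command at all.
actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist

# Per-IP unban, still needed for manual unbans (fail2ban-client set <name> unbanip ...).
actionunban = ipset del f2b-<name> <ip> -exist

[Init]
# Chain the match rule is inserted into; INPUT matches the stock iptables actions.
chain = INPUT
```

Select it in the jail with `banaction = ipset-flush` (or `action = ipset-flush[name=sshd]`); the remaining ban/unban time of any address is then visible with `ipset list f2b-<name>`, which answers Rodrigo's second question without a temporary file.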
