Hello everyone, I'm having a strange behavior with Fail2Ban that I'm not understanding.
I configured Fail2Ban to work with a jail for WordPress brute-force attacks. In jail.conf I set up the logfile, filter and action, and the max retries time. The action is using a firewall command to ban the IP. Everything is working great; however, if for some reason I restart the firewall, I quickly see past IPs being banned again through the firewall command I configured in actions. For a moment I thought Fail2Ban was processing the entire log files and banning everything it found, but if I grep some of the IPs that Fail2Ban is banning, they are nowhere to be found in the Apache access logs, which means these are very old IPs that are already past the log rotation, yet Fail2Ban is banning them again, as if it has some sort of cache that it reruns after restarting. Does anyone know how I can prevent this from happening? My firewall is limited to 1000 blocked IPs and Fail2Ban fills that in seconds if it is restarted.
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users