Hello Richard! Am 25.02.2016 um 17:25 schrieb Richard Mealing: > Hey Christoph, > > I get a lot of this - > > WARNING Determined IP using DNS Lookup: 35143 = ['0.0.137.71']
I don't know the internals of fail2ban, I'm only trying to keep the port in FreeBSD up-to-date :) I would start with figuring out why you get these strange IP addresses. I hope fail2ban developers will point out a way to test the regex to verify that they get the right lines and find the IP address. As a start: did you check with fail2ban-regex if there are any suspicious matches? Unfortunately it will print the line only and I can't see what it makes of the date and the IP address. And can you use the "mail with logline" action to get an idea which line causes these IP addresses (I hope, but never checked, that action_mwl will include the line)? I don't use the sendmail jail so I can't guarantee that the regex don't have a bug. As your 24k banned IP addresses: I have no idea if this is to much for ipfw or to change allowed memory. I never had to deal with that :) Maybe it is one of these IP addresses which causes the problem. I don't dare to try what happens when I try to block 0.0.0.0 ... And do you really want to ban for 1 year by default? Best regards Christoph ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
