I'm looking at the various *ipset*.conf actions in current fail2ban.

They currently use an internal bantime, for example shorewall-ipset-proto6.conf:

    ...
    actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
    ...
    [Init]
    bantime = 600

There's been a lot of discussion

    https://www.google.com/#q=fail2ban+ipset+bantime

about ipset bantimes in-jail vs in-action.

In particular, there's

    https://github.com/fail2ban/fail2ban/issues/540

where a comment from Dec 30, 2013 is made:

    > This will change sometime in 0.9.x like #10 and #321 when bantime will
    > be set from the jail configuration.

in /10, from Jun 4, 2015:

    > Following the reference from #540, this issue is still sadly present.
    > iptables-ipset needs bantime, but it is not defined as a parameter for action_
    > (and still isn't effective when passed in as bantime="%(bantime)s").

in /321, I'm not sure how it relates to bantime.

Passing bantime in from jails seems to make the most sense to me.

Can it be done for ipsets? If not, is it planned?
Jason
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
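
The mismatch described in the message above can be checked mechanically. The following is an added example, not part of the original message and not fail2ban's own code: it reads an action file whose actionban uses the <bantime> tag and lists jails whose bantime differs from the action's [Init] value. Both sample files are constructed (the action lines follow the shorewall-ipset-proto6.conf excerpt quoted above; the jail names and values are assumptions), and bantimes are assumed to be plain seconds.

```python
import configparser

# Constructed action file, modelled on the excerpt quoted in the message.
ACTION_CONF = """
[Definition]
actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist

[Init]
bantime = 600
"""

# Constructed jail file; jail names and bantimes are assumptions.
JAIL_CONF = """
[DEFAULT]
bantime = 600

[sshd]
bantime = 86400

[postfix]
"""

def _parse(text):
    # interpolation=None keeps fail2ban's %(...)s and <tag> syntax as literal text
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def action_timeout(action_text):
    """Return the [Init] bantime if actionban uses the <bantime> tag, else None."""
    cp = _parse(action_text)
    if "<bantime>" not in cp.get("Definition", "actionban", fallback=""):
        return None
    return cp.getint("Init", "bantime", fallback=None)

def mismatched_jails(action_text, jail_text):
    """Map jail name -> (jail bantime, ipset timeout) where the two differ."""
    timeout = action_timeout(action_text)
    if timeout is None:
        return {}
    jails = _parse(jail_text)
    found = {}
    for name in jails.sections():  # [DEFAULT] is inherited, not listed as a jail
        wanted = jails.getint(name, "bantime", fallback=None)
        if wanted is not None and wanted != timeout:
            found[name] = (wanted, timeout)
    return found

if __name__ == "__main__":
    for jail, (wanted, actual) in mismatched_jails(ACTION_CONF, JAIL_CONF).items():
        print(f"{jail}: jail bantime {wanted}s, ipset timeout {actual}s")
```

A jail reported here would have its ipset entries expire on the action's timeout rather than on the bantime configured for the jail.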