|
Can you set your ipset set with a default timeout? It is a supported
parameter. This is only a workaround. On 08/04/2016 17:25,
[email protected] wrote:
I'm looking at the various *ipset*.confactions in current fail2ban. They currently use an internal bantime, for example shorewall-ipset-proto6.conf ... actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist ... [Init] bantime = 600 There's been a lot of discussion https://www.google.com/#q=fail2ban+ipset+bantime about ipset bantimes in-jail vs in-action. In particular, there's https://github.com/fail2ban/fail2ban/issues/540 where a comment from Dec 30, 2013 is made This will change sometime in 0.9.x like #10 and #321 when bantime will be set from the jail configuration. in /10, from Jun 4, 2015 Following the reference from #540, this issue is still sadly present. iptables-ipset needs bantime , but it is not defined as a parameter for action_ (and still isn't effective when passed in as bantime="%(bantime)s"). in /321, I'm not sure how it relates to bantime. Passing bantime in from jails seems to make the most sense to me. Can it be done for ipsets? If not, is it planned? Jason ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users |
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
