On Mon, Apr 11, 2016, at 10:32 AM, Bill Shirley wrote:
> It could be your ignoreip preventing the ban or not enough hits (maxretry)
> within findtime. It also
> could be that all those hits are from the same IP address (not likely
> though).
iiuc, ignoreip whitelists ONLY the ips it lists.
my ignoreip lists only my internal & external IPs.
and wouldn't a bad ignoreip= prevent all matches?
the 'problem' exists even with maxretry=1; tho there are definitely enough hits
in any case
and no, those hits come from 10+ addresses.
> Post your jail.
cat jail.local

[DEFAULT]
enabled = false
destemail = [email protected]
sender = [email protected]
ignoreip = 127.0.0.1/8 10.15.1.0/24 10.15.2.0/24 XX.XX.XX.XX
ignorecommand =
maxretry = 3
bantime = %(one_hour)s
findtime = %(six_hours)s
filter = %(__name__)s
action = %(action_mwl)s
backend = auto
usedns = warn
logencoding = utf-8
mta = sendmail
protocol = tcp
chain = INPUT

[postfix-ipset]
enabled = true
logpath = /var/log/postfix/postfix.log
maxretry = 1
findtime = %(one_week)s
bantime = 60
filter = my-ipset
action = postfix-ipset[expiretime=%(one_week)s]

cat action.d/postfix-ipset.conf

[INCLUDES]
before = iptables-common.conf

[Definition]
actioncheck =
actionstart =
actionstop =
actionban = ipset -exist add f2b-<name> <ip> timeout <expiretime>
actionunban =

[Init]
name = Ip
expiretime = 3600

Jason
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
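
Added example, not part of the original message and not fail2ban's own code: a simplified Python model of the three conditions raised in this thread (an ignoreip match, too few hits within findtime, and how hits spread across source addresses), run over constructed hits. The function names and sample addresses are assumptions; the redacted XX.XX.XX.XX entry is left out and DNS names in ignoreip are not handled.

```python
import ipaddress
from collections import defaultdict, deque

# ignoreip value from the posted jail.local, minus the redacted XX.XX.XX.XX entry
IGNOREIP = "127.0.0.1/8 10.15.1.0/24 10.15.2.0/24"

# Constructed sample: (epoch seconds, source IP) pairs, sorted by time
SAMPLE_HITS = [
    (0, "203.0.113.5"),
    (10, "10.15.1.7"),
    (20, "198.51.100.9"),
    (30000, "198.51.100.9"),
    (30010, "198.51.100.9"),
    (30020, "198.51.100.9"),
]

def parse_ignoreip(value):
    """Split a space or comma separated ignoreip value into networks."""
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8
    return [ipaddress.ip_network(tok, strict=False)
            for tok in value.replace(",", " ").split()]

def is_ignored(ip, nets):
    """True only if ip falls inside one of the listed addresses or networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def simulate(hits, ignoreip, maxretry, findtime):
    """Return ({banned ip: time of ban}, {ignored ips}) for a simplified jail."""
    nets = parse_ignoreip(ignoreip)
    window = defaultdict(deque)   # per-IP timestamps still inside findtime
    banned, ignored = {}, set()
    for ts, ip in hits:
        if is_ignored(ip, nets):
            ignored.add(ip)       # whitelisted: never counted
            continue
        if ip in banned:
            continue
        q = window[ip]
        q.append(ts)
        while ts - q[0] > findtime:
            q.popleft()           # drop hits older than findtime
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned, ignored

if __name__ == "__main__":
    print(simulate(SAMPLE_HITS, IGNOREIP, maxretry=1, findtime=604800))
    print(simulate(SAMPLE_HITS, IGNOREIP, maxretry=3, findtime=21600))
```

If the model says an address should be banned but the real jail does not ban it, the cause lies outside these three settings, for example in the filter's regex or in the action.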