I don't see anything wrong except you're not using your ipset from Shorewall:

ipset -L f2b-Ip
        Name: f2b-Ip
        Type: hash:ip
        Revision: 4
        Header: family inet hashsize 1024 maxelem 65536 timeout 3600
        Size in memory: 224
        References: 0
        Members:
        88.199.175.11 timeout 604649

References=0 says nothing in iptables is using this ipset.

On fail2ban start/restart with bantime=60, looks like fail2ban sees that these
entries don't need to be banned because 60 seconds have already passed.  Try:
        temporarily changing bantime=604800 in [postfix-ipset]
        fail2ban-client reload postfix-ipset

It should populate your ipset.

Bill
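A diagnostic that applies Bill's "References: 0" check programmatically, added here as an example (not code from the thread, from fail2ban or from ipset): it parses `ipset -L` output and reports sets no iptables rule references, plus members whose ipset timeout outlives the jail's bantime. The listing in the sample is constructed from the one posted above.

```python
import re

# Constructed sample, laid out the way `ipset -L f2b-Ip` prints it.
SAMPLE = """\
Name: f2b-Ip
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 224
References: 0
Members:
88.199.175.11 timeout 604649
"""


def parse_ipset_list(text):
    """Return one dict per set: name, references, header timeout, members."""
    sets, cur, in_members = [], None, False
    for line in text.splitlines():
        if line.startswith("Name:"):
            cur = {"name": line.split(":", 1)[1].strip(), "references": 0,
                   "header_timeout": None, "members": []}
            sets.append(cur)
            in_members = False
        elif line.startswith("Header:"):
            m = re.search(r"\btimeout (\d+)", line)
            cur["header_timeout"] = int(m.group(1)) if m else None
        elif line.startswith("References:"):
            cur["references"] = int(line.split(":", 1)[1])
        elif line.startswith("Members:"):
            in_members = True
        elif in_members and line.strip():
            ip = line.split()[0]
            m = re.search(r"\btimeout (\d+)", line)
            cur["members"].append((ip, int(m.group(1)) if m else None))
    return sets


def audit(sets, bantime):
    """Findings worth acting on: a set with References 0 blocks nothing
    (no iptables/Shorewall rule consults it), and a member timeout longer
    than bantime means the ban lives only in the kernel set after fail2ban
    has already forgotten it."""
    findings = []
    for s in sets:
        if s["references"] == 0:
            findings.append((s["name"], "unreferenced: no iptables rule uses this set"))
        for ip, t in s["members"]:
            if t is not None and t > bantime:
                findings.append((s["name"], f"{ip} stays {t}s in the set, bantime is {bantime}s"))
    return findings
```

Run it against the jail's bantime (60 in the posted config) to get both findings at once.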

On 4/11/2016 1:48 PM, [email protected] wrote:
On Mon, Apr 11, 2016, at 10:32 AM, Bill Shirley wrote:
It could be your ignoreip preventing the ban or not enough hits (maxretry)
within findtime.  It also could be that all those hits are from the same IP
address (not likely though).
IIUC, ignoreip whitelists ONLY the IPs it lists.

my ignoreip lists only my internal & external IPs.

and wouldn't a bad ignoreip= prevent all matches?

the 'problem' exists even with maxretry=1; though there are definitely enough hits
in any case

and no, those hits come from 10+ addresses.

Post your jail.
cat jail.local
        [DEFAULT]
        enabled = false
        destemail = [email protected]
        sender = [email protected]
        ignoreip = 127.0.0.1/8 10.15.1.0/24 10.15.2.0/24 XX.XX.XX.XX
        ignorecommand =
        maxretry = 3
        bantime  = %(one_hour)s
        findtime = %(six_hours)s
        filter = %(__name__)s
        action = %(action_mwl)s
        backend = auto
        usedns = warn
        logencoding = utf-8
        mta = sendmail
        protocol = tcp
        chain = INPUT

        [postfix-ipset]
        enabled = true
        logpath = /var/log/postfix/postfix.log
        maxretry = 1
        findtime = %(one_week)s
        bantime = 60
        filter = my-ipset
        action   = postfix-ipset[expiretime=%(one_week)s]

cat action.d/postfix-ipset.conf
        [INCLUDES]
        before = iptables-common.conf

        [Definition]
        actioncheck =
        actionstart =
        actionstop =
        actionban = ipset -exist add f2b-<name> <ip> timeout <expiretime>
        actionunban =

        [Init]
        name = Ip
        expiretime = 3600

Jason

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
