On Mon, Apr 11, 2016, at 11:29 AM, Bill Shirley wrote: > I don't see anything wrong except you're not using your ipset from Shorewall: > > ipset -L f2b-Ip Name: f2b-Ip Type: hash:ip Revision: 4 Header: family inet > hashsize 1024 maxelem 65536 timeout 3600 Size in > memory: 224 References: 0 Members: 88.199.175.11 timeout 604649 > > References=0 says nothing in iptables is using this ipset.
Huh, missed that. Just rechecked it, and ipset -L f2b-Ip Name: f2b-Ip Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 3600 Size in memory: 224 References: 1 Members: 88.199.175.11 timeout 584895 So that's different. No idea what's going on there. > On fail2ban start/restart with bantime=60, looks like fail2ban sees that > these entries don't need to be banned > because 60 seconds have already passed. Try: > temporarily changing bantime=604800 in [postfix-ipset] > fail2ban-client reload postfix-ipset Changed that, restarted. I see in log 2016-04-11 11:42:03,764 fail2ban.actions [1581]: NOTICE [postfix-ipset] Unban 88.199.175.11 2016-04-11 11:42:04,018 fail2ban.actions [1581]: NOTICE [postfix-ipset] Ban 88.199.175.11 2016-04-11 11:42:32,708 fail2ban.actions [1581]: NOTICE [postfix-ipset] 88.199.175.11 already banned > It should populate your ipset. It does. But still with only that one IP ipset -L f2b-Ip Name: f2b-Ip Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 3600 Size in memory: 224 References: 1 Members: 88.199.175.11 timeout 604680 Just *love* these gremlins! Jason ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
