Post your filter. Bill
On 4/11/2016 2:45 PM, [email protected] wrote: > > On Mon, Apr 11, 2016, at 11:29 AM, Bill Shirley wrote: >> I don't see anything wrong except you're not using your ipset from Shorewall: >> >> ipset -L f2b-Ip Name: f2b-Ip Type: hash:ip Revision: 4 Header: family inet >> hashsize 1024 maxelem 65536 timeout 3600 Size in >> memory: 224 References: 0 Members: 88.199.175.11 timeout 604649 >> >> References=0 says nothing in iptables is using this ipset. > Huh, missed that. > > Just rechecked it, and > > ipset -L f2b-Ip > Name: f2b-Ip > Type: hash:ip > Revision: 4 > Header: family inet hashsize 1024 maxelem 65536 timeout 3600 > Size in memory: 224 > References: 1 > Members: > 88.199.175.11 timeout 584895 > > So that's different. No idea what's going on there. > >> On fail2ban start/restart with bantime=60, looks like fail2ban sees that >> these entries don't need to be banned >> because 60 seconds have already passed. Try: >> temporarily changing bantime=604800 in [postfix-ipset] >> fail2ban-client reload postfix-ipset > Changed that, restarted. > > I see in log > > 2016-04-11 11:42:03,764 fail2ban.actions [1581]: NOTICE > [postfix-ipset] Unban 88.199.175.11 > 2016-04-11 11:42:04,018 fail2ban.actions [1581]: NOTICE > [postfix-ipset] Ban 88.199.175.11 > 2016-04-11 11:42:32,708 fail2ban.actions [1581]: NOTICE > [postfix-ipset] 88.199.175.11 already banned > >> It should populate your ipset. > It does. But still with only that one IP > > ipset -L f2b-Ip > Name: f2b-Ip > Type: hash:ip > Revision: 4 > Header: family inet hashsize 1024 maxelem 65536 timeout 3600 > Size in memory: 224 > References: 1 > Members: > 88.199.175.11 timeout 604680 > > Just *love* these gremlins! > > Jason ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
