Thank you for your answer. I will make my firewall application look for a running instance of fail2ban and restart it upon reconfiguration.
For the record, I found fail2ban's documentation to be very lacking after looking for an answer to this.

On 11/08/2016 11:28 PM, Nick Howitt wrote:
> Short answer, it simply breaks and needs to be reloaded.
>
> Long answer, have a look in your logs. The fail2ban log will have
> failure messages each time it tries to apply a rule. Also have a look
> at "iptables -nvL" where you will no longer see the f2b chains of the
> INPUT rules branching to them, even after f2b tries and fails to add a rule.
>
> Similarly, when f2b stops it generally flushes the f2b chains and rules,
> but it also tries to unban the individual IPs from the previously
> flushed chains and these fail. I did recently try to change the
> actionunban rule to get it to check if the rule existed before deleting
> the rule as an intellectual exercise but I failed as "iptables -C" still
> returns an error which f2b logs. I could not be bothered to take it any
> further and make the actionunban call an external script as all it would
> do is tidy up the logs, rather than gain functionality.
>
> Nick
>
> On 09/11/2016 05:42, J Mo wrote:
>> How does fail2ban behave when iptables rules are flushed? Does it need
>> to be reloaded after such an event?
>>
>> What will happen when it tries to add or remove a rule in a chain which
>> no longer exists? Are the chains recreated, or does fail2ban simply break?

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
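
The check Nick describes (looking for the f2b chains and the INPUT rules that branch to them) can be scripted so a firewall tool knows when fail2ban has to be restarted. This is an added example, not code from the thread or from fail2ban. It assumes chains named `f2b-<jail>` with jumps in INPUT, a jail called `sshd`, and constructed `iptables -S` listings; the restart command is left to the caller.

```shell
#!/bin/sh
# Reads `iptables -S` output on stdin. Arguments are jail names (assumed).
# Prints "<jail>:no-chain" or "<jail>:no-jump" for each broken jail and
# returns 1 if any jail is broken, 0 if all f2b chains are still wired in.
f2b_broken_jails() {
    rules=$(cat)
    broken=""
    for jail in "$@"; do
        state=$(printf '%s\n' "$rules" | awk -v c="f2b-$jail" '
            $1 == "-N" && $2 == c { chain = 1 }      # chain declared
            $1 == "-A" && $2 == "INPUT" {            # INPUT rule jumping to it
                for (i = 3; i < NF; i++)
                    if ($i == "-j" && $(i + 1) == c) jump = 1
            }
            END {
                if (!chain) print "no-chain"
                else if (!jump) print "no-jump"
            }')
        if [ -n "$state" ]; then broken="$broken$jail:$state "; fi
    done
    [ -z "$broken" ] && return 0
    printf '%s\n' "${broken% }"
    return 1
}

# Constructed sample listings (not captured from a real host).
HEALTHY='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# After `iptables -F`: chains still declared, every rule gone.
FLUSHED='-P INPUT ACCEPT
-N f2b-sshd'

# After `iptables -F` followed by `iptables -X`: user chains deleted too.
WIPED='-P INPUT ACCEPT'

# Demo on the constructed data. On a live host the input would come from
# `iptables -S`, and the echo would be replaced by the fail2ban restart.
printf '%s\n' "$FLUSHED" | f2b_broken_jails sshd || echo "fail2ban needs a restart"
```
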