On 1/06/2017 6:19 PM, Y. wrote:
Hi,
I would not say it is easy. It is however possible. But to achieve your goal,
you will have to steal the control from Fail2Ban.
To achieve what you describe, you will have to maintain your own state, thus
leaving to Fail2Ban only the role of pattern matching and routing.
I fear this may indicate that it is not supported by fail2ban; looking at the
article in question it looks like it should be a part of the core of fail2ban
rather than relegating it to a log parser role. Have you considered submitting a
patch to the core code?
In any case thanks for the pointer!
Le 01/06/2017 à 09:46, Tom Hendrikx a écrit :
The recidive jail does this , to some extent. Maybe it's already enough
for what you need?
On 01-06-17 07:34, Philip Warner wrote:
I've set up a ban that runs for B time after F fails in T minutes.
After each IP is un-banned, what I would like to do is, say, decrement F
(or even halve it) for each IP that was previously banned in a given
window. Or double B. Or both.
For example:
- specific IP banned for 1 hour as a result of 10 fails in 30 min.
- then un-banned after 1 hour
I would like something along the lines of:
- for the next 4 hours will be banned again for one hour for *FIVE*
fails in 30 min.
or
- for the next 4 hours will be banned again for *TWO* hours for *FIVE*
fails in 30 min.
etc
Is this easy/possible?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
