I would like to put in a word for using the recidive jail for this. It's not exactly what you want, but I believe it is the closest thing to it which fail2ban "supports" (it's just a hack of monitoring fail2ban's own log file with fail2ban). We have used it with success.
Thanks, Mark On Thu, Jun 01, 2017 at 10:37:30PM +1000, Philip Warner wrote: > On 1/06/2017 6:19 PM, Y. wrote: > > > Hi, > > > > I would not say it is easy. It is however possible. But to achieve your > > goal, > > you will have to steal the control from Fail2Ban. > > > > To achieve what you describe, you will have to maintain your own state, > > thus > > leaving to Fail2Ban only the role of pattern matching and routing. > > > > I fear this may indicate that it is not supported by fail2ban; looking at the > article in question it looks like it should be a part of the core of fail2ban > rather than relegating it to a log parser role. Have you considered > submitting a > patch to the core code? > > In any case thanks for the pointer! > > > > Le 01/06/2017 ?? 09:46, Tom Hendrikx a ??crit : > >> The recidive jail does this , to some extent. Maybe it's already enough > >> for what you need? > >> > >> On 01-06-17 07:34, Philip Warner wrote: > >>> I've set up a ban that runs for B time after F fails in T minutes. > >>> > >>> After each IP is un-banned, what I would like to do is, say, decrement F > >>> (or even halve it) for each IP that was previously banned in a given > >>> window. Or double B. Or both. > >>> > >>> For example: > >>> > >>> - specific IP banned for 1 hour as a result of 10 fails in 30 min. > >>> - then un-banned after 1 hour > >>> > >>> I would like something along the lines of: > >>> > >>> - for the next 4 hours will be banned again for one hour for *FIVE* > >>> fails in 30 min. > >>> > >>> or > >>> > >>> - for the next 4 hours will be banned again for *TWO* hours for *FIVE* > >>> fails in 30 min. > >>> > >>> etc > >>> > >>> Is this easy/possible? > > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > -- Mark Costlow | Southwest Cyberport | Fax: +1-505-232-7975 che...@swcp.com | Web: www.swcp.com | Voice: +1-505-232-7992 Mail Minder - Intelligent Push Notifications for Email on the iPhone http://mailminderapp.com/download or in the App Store ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
