Hi!
It's really configurable: there's a basic on/off setting, but you can also
tell it how much to increase by each time, and you can set either simple or
aggressive formulae.
This is one of the settings for the multiplier:
bantime.multipliers = 1 2 16 90 182 365 1000 2000
That shows how aggressively it will increase the bantime. In example above,
my bantime of 86400 (1 day) will ban a persistent offender for 1 day, 2
days, 16 days etc. You can configure it in a really granular way if you
manipulate the ban time with the multiplier.
In terms of purging, yes I'm talking about dbpurgeage. Until 0.10 or 0.11
that setting didn't actually do anything. No function was ever written to
purge the DB.
Now it works; it does purge after dbpurgeage. So I set my purge age to 2
years, so that it remembers long-time bans. But that's because my
multiplier eventually bans bad IPa for a year or more.
The purge age amount depends on what sort of ban times you set.
If you want to discuss more specific examples, I can show you how I'm using
it.
It's honestly improved f2b by ten times for me - the recidive jail never
quite worked for me because it was not very configurable, but now we have
an ability to generate longer and longer ban times, so Fail2Ban really
feels even more useful.
Tony
On Fri, 30 Mar 2018 at 11:31, Palvelin Postmaster via Fail2ban-users <
fail2ban-users@lists.sourceforge.net> wrote:
>
>
> > On 15 Mar 2018, at 12:00, Tony Collins <t...@evilplan.org.uk> wrote:
> >
> > One other thing: the 0.11.x version of f2b has a ban time "multiplier",
> which is just fantastic - if the same IP keeps getting banned, f2b
> automatically increases the ban time. To do that you need a long 'purgeage'
> setting (so it can remember that an IP was banned a few months ago), and
> again once you use f2b to manage your blocks, it can just take care of
> everything - you never need to use iptables commands for unblocking,
> because f2b 0.11.x manages ban times so much more effectively and
> logically. F2b has always managed bans and unbans pretty well, but there's
> been some really excellent polish applied to recent versions.
>
> Is the ’multiplier’ applied automatically or is there a setting?
>
> I presumw by ’purgeable’ you refer the dbpurgeage setting. Where should
> one ideally set it in regards to the new automatically increasing ban time?
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
--
-- Tony Collins
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
