Hello Bill,

I changed and tested your solution and it works very well!
Thanks a lot for that, it solved all my issues!

Cheers

On Tue, 28 May 2019 at 01:37, Bill Shirley <bshir...@openmri-scottsboro.com> wrote:

> I use an ipset with Shorewall to ban IP addresses. My setup uses the
> 'timeout' option of ipset. Also, there is no unban/ban overhead upon
> restarting fail2ban.
>
> /etc/shorewall/init (note 'timeout' is the default in seconds):
> ipset -exist create fail2ban-IPv4-ip hash:ip timeout 86400
>
> /etc/shorewall/rules:
> ?SECTION NEW
> ?COMMENT flagged by fail2ban
> DROP net:+fail2ban-IPv4-ip[src] fw
>
> /etc/fail2ban/action.d/my_ipset_ip.conf:
> [INCLUDES]
>
> before = iptables-blocktype.conf
>
> [Definition]
> actioncheck =
> actionstart =
> actionstop =
> actionban = ipset add fail2ban-<name> <ip> timeout <my_timeout> -exist
> #actionunban = ipset del fail2ban-<name> <ip> -exist
> actionunban =
>
> [Init]
> name = IPv4-ip
> my_timeout = 3600
>
> Note the actionunban is empty. I rely on the ipset timeout to expire to
> unban.
>
> /etc/fail2ban/jail.local:
> [sshd]
> #enabled = false
> enabled = true
> action = my_ipset_ip[my_timeout=86400]
> logpath = %(sshd_log)s
> maxretry = 3
> findtime = 7200
> bantime = 60
>
> Because the actionunban is empty, I can use a 60 second 'bantime' and upon
> restart fail2ban doesn't try to re-ban the IP addresses but the addresses
> are still dropped until the 'timeout' expires.
>
> Bill
>
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
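Added example, not part of the thread: with an empty actionunban and a 60 second bantime, fail2ban stops tracking a ban long before the ipset entry expires, so the set itself is where to check what is still dropped. The sketch below parses `ipset save` output for that; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# On a live host (as root), feed the real set instead of the sample:
#   ipset save fail2ban-IPv4-ip | active_bans fail2ban-IPv4-ip

# Constructed sample of `ipset save fail2ban-IPv4-ip` output
# (documentation-range addresses, invented timeouts).
sample_save() {
cat <<'EOF'
create fail2ban-IPv4-ip hash:ip family inet hashsize 1024 maxelem 65536 timeout 86400
add fail2ban-IPv4-ip 192.0.2.10 timeout 85990
add fail2ban-IPv4-ip 198.51.100.7 timeout 412
add fail2ban-IPv4-ip 203.0.113.44 timeout 0
EOF
}

# Print the default timeout from the set's "create" line. Prints nothing
# when the set was created without timeout support, in which case the
# "ipset add ... timeout <my_timeout>" in actionban is rejected.
set_default_timeout() {
    awk -v set="$1" '$1 == "create" && $2 == set {
        for (i = 3; i < NF; i++)
            if ($i == "timeout") print $(i + 1)
    }'
}

# Print "<ip> <seconds-left>" for each member of the set: permanent
# entries first, then soonest expiry first. ipset treats "timeout 0"
# (or no timeout field at all) as an entry that never expires.
active_bans() {
    awk -v set="$1" '$1 == "add" && $2 == set {
        left = "permanent"
        for (i = 4; i < NF; i++)
            if ($i == "timeout" && $(i + 1) > 0) left = $(i + 1)
        print $3, left
    }' | LC_ALL=C sort -k2,2n
}

# Demo on the constructed sample.
echo "default timeout: $(sample_save | set_default_timeout fail2ban-IPv4-ip)"
sample_save | active_bans fail2ban-IPv4-ip
```

A permanent entry in this set deserves a second look, since nothing in the configuration above will ever remove it.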