try command
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans WHERE
jail='recidive';"
to see if ip in database
[root@genf132:4 log]0# sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
"SELECT * FROM bans WHERE jail='recidive';"
should give answer like
recidive|103.125.191.52|1593474438|{"matches": ["2020-06-30 01:18:50,463
fail2ban.actions [7278]: NOTICE [plesk-postfix] Ban
103.125.191.52", "2020-06-30 01:34:56,864 fail2ban.actions
[7278]: NOTICE [plesk-postfix] Ban 103.125.191.52", "2020-06-30
01:47:18,852 fail2ban.actions [7278]: NOTICE [plesk-postfix] Ban
103.125.191.52"], "failures": 3}
recidive|103.139.44.210|1591318795|{"matches": ["2020-06-03 01:45:19,317
fail2ban.actions [3936]: NOTICE [plesk-postfix] Ban
103.139.44.210", "2020-06-05 02:59:55,484 fail2ban.actions
[3936]: NOTICE [plesk-postfix] Ban 103.139.44.210", "2020-06-03
01:45:19,317 fail2ban.actions [3936]: NOTICE [plesk-postfix] Ban
103.139.44.210", "2020-06-05 02:59:55,484 fail2ban.actions
[3936]: NOTICE [plesk-postfix] Ban 103.139.44.210"], "failures": 4}
[...]
[root@genf132:4 log]0#
Usualy
INFO [recidive] 212.70.149.82 already banned
means, that ip exists in database for jail recidive already, not to be
baned by another jail.
Therefor there is a problem with the action.
However, if you stop fail2ban jail or whole service all ips in database
should be unbaned and baned again if jail or service is started.
regards
Peter
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
