> On Mon, Sep 21, 2020 at 12:34 PM Robert Kudyba <[email protected]> > wrote: > >> Sure but I'm still wondering if: >> 2020-09-21 10:23:29,368 fail2ban.actions [621763]: WARNING [sshd] >> 107.175.215.101 already banned >> 2020-09-21 10:23:29,384 fail2ban.observer [621763]: INFO [sshd] >> Found 107.175.215.101, bad - 2020-09-21 10:19:15, 1 # -> 2.0 >> 2020-09-21 10:23:29,384 fail2ban.observer [621763]: INFO [sshd] >> Found 107.175.215.101, bad - 2020-09-21 10:19:20, 1 # -> 2.0 >> >> How can the subsequent logs show up if the IP is already banned? >> > > Others that know the inner workings of fail2ban may know better, but > perhaps because the bans wern't actually working before (but they still get > put in the sqlite database), you may see this for a while until all the old > bans expire. But that's just a theory I have at the moment. >
I posted some logs on this bug report https://github.com/fail2ban/fail2ban/issues/2831 which may be unrelated but I'm curious if you can add to that entry? That bug report was filed today, but for an iptables user on Debian/Ubuntu. Also note the ban increment doesn't appear to be working as there should be an increment to 2.0.
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
