Hi,
Apparently the ip-address 'should' be banned according to fail2ban's
internal administration, but there is still activity coming in,
triggering new bans.
This can happen if your banning technique is broken, the configuration
is broken, etc.
F.i. you could configure the apache jail to black all traffic to port 80
using iptables. After some research, you'll notice that you also needed
to block access to port 443, but you simply forgot to include it.
Please post full configuration if you're not sure what to look for. I
have no idea what 'suricata' is though ;)
Kind regards,
Tom
On 13-07-2021 01:33, James Moe via Fail2ban-users wrote:
fail2ban v1.0.1.1
opensuse tumbleweed, linux v5.13.0
Messages as shown below occasionally are in the log. It does not make much
sense. If the IP is banned, how can it be detected in the target log?
2021-07-11 16:15:31,136 fail2ban.filter [10710]: INFO [suricata-1]
Found 65.205.231.167 - 2021-07-11 16:15:31
2021-07-11 16:15:31,357 fail2ban.actions [10710]: WARNING [suricata-1]
65.205.231.167 already banned
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
