Dear Sebastian, > To make sure fail2ban breaks the connection, you need to put the fail2ban > rules BEFORE any "ESTABLISHED,RELATED" rule.
As I wrote this is what I wish to avoid if possible. I don't want an unnecessary check against a list of banned addresses on _every_ IP packet. Regards Gabor
