Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Nick Howitt
Charles, For #2 you can easily manually add the 17,000 IP's to ipset using the command "ipset add {set-name} IP_address". It would be trivial to create a script to do it, or put your list of IP's into Excel, create a text field with "ipset add {set-name} " then join

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Jeremy Baker
I would be interested in the script you use to place the IPs into the ipsets if you feel like sharing. -- Jeremy Baker GnuPGP fingerprint = EE66 AC49 E008 E09A 7A2A 0195 50EF 580B EDBB 95B6 On 02/12/2016 09:13 AM, Nick Howitt wrote: > Charles, > > For #2 you can easily manually

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Tom Hendrikx
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Maybe an interesting side note: fail2ban is built to quickly ban *and* unban problematic ip addresses. The whole nature of fail2ban is (IMHO) in the fact that it automatically unbans ip addresses after a while. However, you state that you have

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Tom Hendrikx
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Please don't reply off-list. See comments below. On 12-02-16 17:17, Charles Bradshaw wrote: > Hi Tom > > Humm.. yes we agree that storing vast numbers of bans in fail2ban > is the wrong approach. Duplicate data always is. > > I'm unfamiliar

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Nick Howitt
My script has some heritage from one found on the ipset site and heavily hacked. I also broke down the one I saw into different bits. In /etc/cron.daily: #!/bin/sh # # Update emerging fwrules ipset # # * checks online for newer fwrev # *

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Charles Bradshaw
Hi Nick, Below is a verbatim copy of /var/fail2ban/action.d//iptables-ipset-proto4.conf it is dated Aug 1 2015 and was installed from the CentOS repo. Observe the note in the actionstop clause. There is a similar file for IPv6. The jail evoking it is below that. ~ o ~ # Fail2Ban configuration

[Fail2ban-users] Using new logfiles created while fail2ban is running.

2016-02-12 Thread allanit
Is there a way to get fail2ban to recognise and use a newly created log file in a newly created virtual server with out restarting fail2ban. -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM +

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Bill Shirley
In response to Charles: For #2, after you empty actionunban, write a script to iterate thru your ipset and for each IP issue: fail2ban-client set unbanip now fail2ban forgets about them and since actionunban is empty they're still in the ipset. No duplicate data. For #3, some admins don't

Re: [Fail2ban-users] Huge ipset reboot problem?

2016-02-12 Thread Bill Shirley
Or easier for #2: 1:root@elmo dns]$ cat /etc/redhat-release Fedora release 22 (Twenty Two) [1:root@elmo dns]$ ls /var/lib/fail2ban/ fail2ban.sqlite3 Rename that puppy. Bill On 2/12/2016 6:15 PM, Bill Shirley wrote: > In response to Charles: > For #2, after you empty actionunban, write a script