Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-09 Thread Bill Shirley
Yes, running the program once beats twice. Also -exist should work with del. You don't need the double dash in front of 'add' or 'del':

actionban = ipset -exist add fail2ban- ,: timeout
actionunban = ipset -exist del fail2ban- ,:

Bill

On 4/9/2016 2:19 PM, Nick Howitt wrote:
As we seem to ha

Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-09 Thread Nick Howitt
As we seem to have resolution here, just branching slightly o/t. In iptables-ipset-proto4.conf we have:

actionban = ipset --test f2b- ||  ipset --add f2b-
actionunban = ipset --test f2b- && ipset --del f2b-

Would it be better to use ipset'

Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-09 Thread Bill Shirley
Yes, however you must include the 'actionban':

[Definition]
.
.
actionban = ipset -exist add fail2ban- timeout

[Init]
name = Ip
my_timeout = 3600

Bill

On 4/9/2016 12:48 PM, jaso...@mail-central.com wrote:
On Sat, Apr 9, 2016, at 09:41 AM, Bill Shirley wrote:
It doesn't really matter what

Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-09 Thread jasonsu
On Sat, Apr 9, 2016, at 09:41 AM, Bill Shirley wrote:
> It doesn't really matter what the default timeout is if you send the value
> from the jail:
> actionban = ipset -exist add fail2ban- timeout
>
> [Init]
> name = Ip
> my_timeout = 3600
>
> jail:
> [sshd]
> action = my_ipset_ip[m

Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-09 Thread Bill Shirley
It doesn't really matter what the default timeout is if you send the value from the jail:

actionban = ipset -exist add fail2ban- timeout

[Init]
name = Ip
my_timeout = 3600

jail:
[sshd]
action = my_ipset_ip[my_timeout=86400]
[sshd-2]
action = my_ipset_ip[my_timeout=12345]

B

Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-08 Thread jasonsu
On Fri, Apr 8, 2016, at 09:58 AM, Nick Howitt wrote:
> Can you set your ipset set with a default timeout? It is a supported
> parameter. This is only a workaround.

Sure. In the current action already is for example

actionstart = if ! ipset -quiet -name list f2b- >/dev/null; the

Re: [Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-08 Thread Nick Howitt
Can you set your ipset set with a default timeout? It is a supported parameter. This is only a workaround.

On 08/04/2016 17:25, jaso...@mail-central.com wrote:
I'm looking at the various *ipset*.conf actions in current fail2ban. They currently use

[Fail2ban-users] what's the current state of bantime for ipset actions in jails vs confs?

2016-04-08 Thread jasonsu
I'm looking at the various *ipset*.conf actions in current fail2ban. They currently use an internal bantime, for example

shorewall-ipset-proto6.conf
...
actionban = ipset add f2b- timeout -exist
...
[Init]