Yes, running the program once beats twice. Also -exist should work with del.
You don't need the double
dash in front of 'add' or 'del':
actionban = ipset -exist add fail2ban- ,: timeout
actionunban = ipset -exist del fail2ban- ,:
Bill
On 4/9/2016 2:19 PM, Nick Howitt wrote:
As we seem to ha
As we seem to have resolution here, just branching slightly o/t.
In iptables-ipset-proto4.conf we have:
actionban = ipset --test f2b- ||
ipset --add f2b-
actionunban = ipset --test f2b- &&
ipset --del f2b-
Would it be better to use ipset'
Yes, however you must include the 'actionban':
[Definition]
.
.
actionban = ipset -exist add fail2ban- timeout
[Init]
name = Ip
my_timeout = 3600
Bill
On 4/9/2016 12:48 PM, jaso...@mail-central.com wrote:
On Sat, Apr 9, 2016, at 09:41 AM, Bill Shirley wrote:
It doesn't really matter what
On Sat, Apr 9, 2016, at 09:41 AM, Bill Shirley wrote:
> It doesn't really matter what the default timeout is if you send the value
> from the jail:
> actionban = ipset -exist add fail2ban- timeout
>
> [Init]
> name = Ip
> my_timeout = 3600
>
> jail:
> [sshd]
> action = my_ipset_ip[m
It doesn't really matter what the default timeout is if you send the value from
the jail:
actionban = ipset -exist add fail2ban- timeout
[Init]
name = Ip
my_timeout = 3600
jail:
[sshd]
action = my_ipset_ip[my_timeout=86400]
[sshd-2]
action = my_ipset_ip[my_timeout=12345]
B
On Fri, Apr 8, 2016, at 09:58 AM, Nick Howitt wrote:
> Can you set your ipset set with a default timeout? It is a supported
> parameter. This is only a workaround.
Sure. In the current action already is for example
actionstart = if ! ipset -quiet -name list f2b- >/dev/null;
the
Can you set your ipset set with a default timeout? It is a supported
parameter. This is only a workaround.
On 08/04/2016 17:25,
jaso...@mail-central.com wrote:
I'm looking at the various
*ipset*.conf
actions in current fail2ban.
They currently use
I'm looking at the various
*ipset*.conf
actions in current fail2ban.
They currently use an internal bantime, for example
shorewall-ipset-proto6.conf
...
actionban = ipset add f2b- timeout -exist
...
[Init]