The reason that I think it is fail2ban is that if I white-list the ip in fail2ban it works fine, also I can ftp from other ip's even when the one ip is blocked.

but I will also research a bit more into the vsftp setting, if there is a block per IP, thanks for suggestion.

On Mon, Jul 30, 2012 at 2:01 PM, Tom Hendrikx <> wrote:
On 7/30/12 7:26 AM, Sverre Rakkenes wrote:
> My fail2ban log file will show information about jail starting
> and stopping upon restart of the fail2ban service, but if an IP is being
> blocked by fail2ban, this is NOT reflected in the log.
> I tested this with ftp, where I run vsftp on the server, and I try to
> log in several times with wrong password, fail2ban successfully bans the
> ip for the correct time, then unban it. but nothing is shown in the
> fail2ban logs, and I also do not get any email.
> has anyone seen this before? is there a config setting where I can force
> this to be logged?

All bans should be logged by default. How do you conclude that it is f2b
that is blocking access to vsftp, when it is not logging that?

I never ran vsftp (or any ftpd for that matter), but when reading its
manpage, the max_login_fails and max_per_ip configuration options could
result in blocking a connection too, based on previous login errors.

Please show logging that supports the fact that access to vsftpd is
blocked by f2b. Maybe you can show the relevant part of iptables -L
output (or whatever blocking mechanism you configured)?


Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
Fail2ban-users mailing list