From: Yaroslav H. <li...@on...> - 2007-09-07 16:58:50
There is a persistent banning feature (bantime=-1), but indeed those IPs are cleared out from the rules on fail2ban restart, and if that attack happened longer than findtime ago they will not be set on fail2ban's next start. What could be done is simply adjusting any action by wiping out actionunban so they are never removed, but then care must also be taken about placing those banned IPs into some other chain than the one fail2ban created, so it doesn't get destroyed on restart. Or indeed it might be useful to create a feature to dump all banned IPs with ban expiration on shutdown and load them up on next start -- this way those persistently banned IPs will be banned forever as long as fail2ban is running.

On Fri, 07 Sep 2007, Peter Jay Salzman wrote:
> I was curious about one of the designs of fail2ban.
> It seems pretty obvious that one thing someone may want is persistent state
> banning. If someone brute force attacks my server, I don't want the IP
> banned for a few minutes or even until I reboot my computer. I want the IP
> banned forever.
> It would be easy enough to implement with iptables-save and
> iptables-restore, so I'm guessing this was something that was thought of and
> discarded as a bad idea.
> How come?
> Thanks!
> Pete

--
Yaroslav Halchenko
Keep in touch: (yoh@|www.)onerussian.com
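The dump-on-shutdown / reload-on-start idea from the reply above, as an added example that is not fail2ban's own code: bans are serialized with their start time and bantime, permanent bans (bantime=-1) never expire, and on reload anything whose expiry has passed is dropped while the rest is re-applied with only its remaining time. The `Ban` class, the JSON layout and the 192.0.2.x addresses are constructed for this example.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

PERMANENT = -1  # fail2ban's bantime=-1 convention: never expire


@dataclass
class Ban:
    ip: str
    jail: str
    banned_at: float  # epoch seconds when the ban was applied
    bantime: int      # seconds, or PERMANENT

    def expires_at(self) -> Optional[float]:
        """Absolute expiry time, or None for a permanent ban."""
        return None if self.bantime == PERMANENT else self.banned_at + self.bantime

    def is_active(self, now: float) -> bool:
        exp = self.expires_at()
        return exp is None or exp > now


def dump_bans(bans: List[Ban], now: float) -> str:
    """Serialize still-active bans (hypothetical JSON layout) for shutdown."""
    records = [
        {"ip": b.ip, "jail": b.jail, "banned_at": b.banned_at, "bantime": b.bantime}
        for b in bans
        if b.is_active(now)
    ]
    return json.dumps(records)


def load_bans(data: str, now: float) -> List[Ban]:
    """Restore bans on start-up, skipping any that expired while we were down."""
    restored = []
    for r in json.loads(data):
        b = Ban(str(r["ip"]), str(r["jail"]), float(r["banned_at"]), int(r["bantime"]))
        if b.is_active(now):
            restored.append(b)
    return restored


def remaining_bantime(ban: Ban, now: float) -> int:
    """Seconds left to re-apply the ban with, or PERMANENT (-1)."""
    exp = ban.expires_at()
    if exp is None:
        return PERMANENT
    return max(0, int(exp - now))


if __name__ == "__main__":
    now = 1_000.0  # constructed clock value
    state = dump_bans([Ban("192.0.2.1", "ssh", now - 100, 600), Ban("192.0.2.3", "ssh", 0.0, PERMANENT)], now)
    for b in load_bans(state, now + 200):
        print(b.ip, remaining_bantime(b, now + 200))
```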