We are blocking a bruteforce with Fail2Ban, and I discovered that sometimes the IPs are not blocked after the maxretry, or the IP is found after the ban.
We have set the maxretry to 3:
[ssh]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable", returntype="RETURN", lockingopt="-w", iptables="iptables <lockingopt>"]
logpath =...
Fail2Ban is ignoring maxretry / IP found after ban