Closed rabelux closed 8 months ago
So, you are configuring fail2ban without the plugin?
No I used the plugin but understandable that you ask. Just wanted to give an insight of what it looks like "under the hood"
by the way - is sshd-ddos recommendable or not really useful?
Ok. the config looked different. I don't use fail2ban myself but I thought most of the included actions were good.
Closing due to age.
Hey there, I just checked my logs for fail2ban and it somehow seems to have blocked a whole bunch of IPs, although not configured that way. excerpt of
/etc/fail2ban/jail.conf
:Output of
fail2ban-client status ssh
: |- Filter | |- Currently failed: 0 | |- Total failed: 0 |- File list: /var/log/auth.log
- Actions |- Currently banned: 193 |- Total banned: 193 `- Banned IP list: 1.6.153.249 100.16.197.98 [and many more]Everytime I reboot all these IPs get restored. I haven't actually experimented with fail2ban. I installed it, configured it as shown and thats it. So I don't know hat these jails appeared, can someone help me trying to explain this?