IPs permanently banned

[rabelux]

Hey there, I just checked my logs for fail2ban and it somehow seems to have blocked a whole bunch of IPs, although not configured that way. excerpt of /etc/fail2ban/jail.conf:

[DEFAULT]
ignoreip = 127.0.0.1 10.0.0.0/24
findtime = 3600
bantime = 86400
maxretry = 3
destemail = root@localhost
backend = auto
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT

Output of fail2ban-client status ssh: |- Filter | |- Currently failed: 0 | |- Total failed: 0 | - File list: /var/log/auth.log - Actions |- Currently banned: 193 |- Total banned: 193 `- Banned IP list: 1.6.153.249 100.16.197.98 [and many more]

Everytime I reboot all these IPs get restored. I haven't actually experimented with fail2ban. I installed it, configured it as shown and thats it. So I don't know hat these jails appeared, can someone help me trying to explain this?

[ryecoaaron]

So, you are configuring fail2ban without the plugin?

[rabelux]

No I used the plugin but understandable that you ask. Just wanted to give an insight of what it looks like "under the hood"

by the way - is sshd-ddos recommendable or not really useful?

[ryecoaaron]

Ok. the config looked different. I don't use fail2ban myself but I thought most of the included actions were good.

[ryecoaaron]

Closing due to age.