I checked with the fail2ban mailing list and here's the official word from Yaroslav Halchenko (current project maintainer, I believe):
Quote:
there is no explicit guaranteed rebanning upon restart in place ATM
if your original scanned logs still happen to have those entries
within findtime from now, they should get banned upon restart
relevant (the oldest open) issue on github:
https://github.com/fail2ban/fail2ban/issues/2
|
So, there is the
potential for IP addresses to be re-banned after service stop/start/restart.
I believe that this behavior was introduced in version 0.8.6.