As mentioned above, there is only the filter [asterisk-iptables] enabled. Attacks on the asterisk occur very irregularly. Daily checks in the corresponding log files show that nothing happened since the last one. I have now changed the parameters in jail.conf to
maxretry = 5
bantime = 259200
thus not specifying a findtime. I will see how fail2ban will be able to handle the next attack. I don't have much hope that it will improve. At least I would still be able to see whether fail2ban did put the IP into the host.deny-file or not. However, to my understanding, the log of the last attack actually indicates that the IP has first been placed in the host.deny-file. One finds there the three distinct actions "banned", "already banned" and "unban".