As mentioned above, there is only the filter [asterisk-iptables] enabled. Attacks on the asterisk occur very irregular. Daly checks in the corresponding log-files show that nothing happened since the last one. I changed now the parameters in jail.conf to
maxretry = 5
bantime = 259200
thus not specifying a findtime. I will see how fail2ban will be able to handle the next attack. I don't have much hope that it will improve. At least I would still be able to see whether fail2ban did put the IP into the host.deny-file or not. However, to my understanding, the log of the last attack actually indicates that the IP has first been placed in the host.deny-file. One finds there the three distinct actions "banned", "already banned" and "unban".
|
English | 
Deutsch
Threaded Mode
Recent comments
1 day 11 hours ago
1 day 20 hours ago
1 day 23 hours ago
2 days 33 min ago
2 days 1 hour ago
2 days 3 hours ago
2 days 5 hours ago
2 days 6 hours ago
2 days 22 hours ago
2 days 23 hours ago