As mentioned above, there is only the filter [asterisk-iptables] enabled. Attacks on the asterisk occur very irregular. Daly checks in the corresponding log-files show that nothing happened since the last one. I changed now the parameters in jail.conf to
maxretry = 5
bantime = 259200
thus not specifying a findtime. I will see how fail2ban will be able to handle the next attack. I don't have much hope that it will improve. At least I would still be able to see whether fail2ban did put the IP into the host.deny-file or not. However, to my understanding, the log of the last attack actually indicates that the IP has first been placed in the host.deny-file. One finds there the three distinct actions "banned", "already banned" and "unban".
|
English | 
Deutsch
Linear Mode
Recent comments
22 hours 36 sec ago
1 day 4 hours ago
1 day 8 hours ago
1 day 10 hours ago
1 day 18 hours ago
2 days 4 hours ago
2 days 4 hours ago
2 days 8 hours ago
2 days 12 hours ago
2 days 13 hours ago