Hi all,

I am getting a strange problem with Fail2Ban with regard to 'already banned' IPs, and subsequently more than the allowed number of connection attempts. I've tried a couple of things to fix it, but I am by no means an expert.

The latest change made was to change the port on ssh from:

Code:
port = ssh

to

Code:
port = all

Prior to that I changed the protocol from:

Code:
protocol = tcp

to

Code:
protocol = all

Here's my jail.local, default and the SSH jail:

Code:
[DEFAULT]
ignoreip = 127.0.0.1/8 xx.xx.xx.xx/32 (the xx is the webserver external IP)
bantime = 3600
protocol = all

[ssh]
enabled = true
port = all
#action = iptables-multiport[name=ssh, port=all, protocol=all]
logpath = /var/log/auth.log*
maxretry = 6

The action line is commented out, as I thought this might be causing it.

Select lines from jail.conf (let me know if you need more):

Code:
[DEFAULT]
findtime = 6000 ; 100 mins
maxretry = 3
banaction = iptables-multiport-

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

jail.conf has protocol = tcp, but my understanding is that anything in the jail.local will override the jail.conf settings.

Let me know if you need anything else. Any help appreciated.
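
An added example, not part of the original post and not Fail2Ban's own code: a sketch that layers the quoted jail.conf and jail.local settings with Python's configparser and reports which file and section supplies each effective [ssh] option. It assumes `protocol = tcp` sits in jail.conf's [DEFAULT]; the helper name `effective_jail` is hypothetical.

```python
import configparser

# Constructed from the settings quoted in the post. Assumption: jail.conf's
# "protocol = tcp" lives in [DEFAULT]; the banaction value is kept as posted.
JAIL_CONF = """
[DEFAULT]
findtime = 6000 ; 100 mins
maxretry = 3
protocol = tcp
banaction = iptables-multiport-
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
"""
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 xx.xx.xx.xx/32
bantime = 3600
protocol = all
[ssh]
enabled = true
port = all
#action = iptables-multiport[name=ssh, port=all, protocol=all]
logpath = /var/log/auth.log*
maxretry = 6
"""

def effective_jail(jail, layers):
    """Hypothetical helper: merge layers in order, return {option: (value, origin)}."""
    defaults, own = {}, {}
    for name, text in layers:
        # Treat [DEFAULT] as an ordinary section so each value's origin can be tracked.
        cp = configparser.ConfigParser(default_section="__unused__",
                                       inline_comment_prefixes=(";",),
                                       interpolation=None)
        cp.read_string(text)
        for section, target in (("DEFAULT", defaults), (jail, own)):
            if cp.has_section(section):
                for key, value in cp.items(section):
                    target[key] = (value, f"{name} [{section}]")
    # In this model a jail's own option beats any [DEFAULT] value; the later layer wins within each.
    return {**defaults, **own}

if __name__ == "__main__":
    layers = [("jail.conf", JAIL_CONF), ("jail.local", JAIL_LOCAL)]
    for key, (value, origin) in sorted(effective_jail("ssh", layers).items()):
        print(f"{key:10} = {value:22} <- {origin}")
```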