On Saturday 09 November 2019 08:59:14 Michael wrote: > > Rather then to use fail2ban for this, I would create un ipset that > > fail2ban can populate then use that ipset in iptables. > > i agree, but: > > One advantage of this is that you can add/delete ip from the ipset > > without having to restart fail2ban/iptables. > > RTFM > > fail2ban allows you to 'unban' an ip address as well: > > man fail2ban-client > > set <JAIL> unbanip <IP> > manually Unban <IP> in <JAIL> > Whats this "jail"? The beginners tut seems to assume we've all had cs101 thru cs401 and Just Know all the secret handshakes bs already. Sorry, I've been hiding behind dd-wrt for about 2 decades and never had to worry about it before.
Besides that the jail.d subdir of the install is empty. No jail.example file to give one an inkling of what its supposed to be like. Theres zero tutorial value in that. I was able, with the help of another responder to carve up some iptables rules to stop the DDOS that semrush, yandex, bingbot, and 2 or 3 others were bound to do to me. Understand I have no objections to those folks indexing my site so their search engines can find stuff, but to just repeatedly download the whole thing, copying it forever, reaching into nooks and crannies I don't even link to, using all my upload bandwidth for weeks at a time, will bring me to battle stations. And we both will suffer because of their poor behavior. > greetings... Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>
