On 10/1/18 11:32 AM, Nick Howitt wrote:
> That suggests a problem as your messages are 13min apart.
>
Why? Isn't that how f2b is supposed to work? By finding at least two instances of an undesirable IP address within a given time period?

> I think you
> were using iptables. What is the output of "iptables -nvL"?
>
The output of "iptables -nvL".
<https://www.dropbox.com/s/t9xj8jg3a6rn2gg/iptables-nvL.txt?dl=0>

Using more recent examples...

From the f2b log: An IP address that was banned and was not blocked.
2018-10-02 10:50:21,401 fail2ban.filter [16451]: INFO [suricata] Found 104.161.36.178 - 2018-10-02 10:50:21
2018-10-02 10:50:27,318 fail2ban.filter [16451]: INFO [suricata] Found 104.161.36.178 - 2018-10-02 10:50:27
2018-10-02 10:50:27,977 fail2ban.actions [16451]: NOTICE [suricata] Ban 104.161.36.178
2018-10-02 10:50:34,784 fail2ban.filter [16451]: INFO [suricata] Found 104.161.36.178 - 2018-10-02 10:50:34
2018-10-02 10:50:43,905 fail2ban.filter [16451]: INFO [suricata] Found 104.161.36.178 - 2018-10-02 10:50:43
2018-10-02 10:50:44,047 fail2ban.actions [16451]: NOTICE [suricata] 104.161.36.178 already banned

From the proxy log: A connection that should not have happened.
2018-10-02_10:50:42 [Worker_1] Connected: session:7F9011348CE0 104.161.36.178:21679 > 192.168.69.246:25 > 192.168.69.246:125

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
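The check done by eye in the message above, as an added example that is not part of the original post: a Python sketch that pairs fail2ban Ban/Unban events with proxy "Connected" lines and reports connections accepted while the source IP was banned. The function names are hypothetical, the regexes assume the two log formats shown above plus fail2ban's standard "Unban" notice, and both logs are assumed to share one clock.

```python
import re
from datetime import datetime

# Log lines copied from the message above (subset); same clock assumed for both logs.
F2B_LOG = """\
2018-10-02 10:50:27,318 fail2ban.filter [16451]: INFO [suricata] Found 104.161.36.178 - 2018-10-02 10:50:27
2018-10-02 10:50:27,977 fail2ban.actions [16451]: NOTICE [suricata] Ban 104.161.36.178
2018-10-02 10:50:43,905 fail2ban.filter [16451]: INFO [suricata] Found 104.161.36.178 - 2018-10-02 10:50:43
2018-10-02 10:50:44,047 fail2ban.actions [16451]: NOTICE [suricata] 104.161.36.178 already banned
"""
PROXY_LOG = """\
2018-10-02_10:50:42 [Worker_1] Connected: session:7F9011348CE0 104.161.36.178:21679 > 192.168.69.246:25 > 192.168.69.246:125
"""

BAN_RE = re.compile(r"^(\S+ \S+)\s+fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[[^\]]+\]\s+(Ban|Unban)\s+(\S+)$")
CONN_RE = re.compile(r"^(\S+)\s+\[[^\]]+\]\s+Connected:\s+session:\S+\s+(\d+\.\d+\.\d+\.\d+):\d+\s")

def ban_intervals(f2b_text):
    """Return [(ip, ban_start, ban_end)]; ban_end is datetime.max while the ban is still active."""
    open_bans, done = {}, []
    for line in f2b_text.splitlines():
        m = BAN_RE.match(line.strip())
        if not m:
            continue  # "Found" and "already banned" lines do not change ban state
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        action, ip = m.group(2), m.group(3)
        if action == "Ban":
            open_bans.setdefault(ip, ts)
        elif ip in open_bans:
            done.append((ip, open_bans.pop(ip), ts))
    return done + [(ip, start, datetime.max) for ip, start in open_bans.items()]

def connections_during_ban(f2b_text, proxy_text):
    """Return [(ip, ban_time, connect_time, seconds_after_ban)] for proxy connections inside a ban."""
    intervals = ban_intervals(f2b_text)
    hits = []
    for line in proxy_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d_%H:%M:%S")
        for ip, start, end in intervals:
            if ip == m.group(2) and start <= ts < end:
                hits.append((ip, start, ts, (ts - start).total_seconds()))
    return hits

if __name__ == "__main__":
    print(connections_during_ban(F2B_LOG, PROXY_LOG))
```

On the lines quoted above this reports one connection from 104.161.36.178, accepted about 14 seconds after the Ban notice.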
