fail2ban scans log files and bans malicious IPs. Default values are quite gentle - change bantime (the duration in seconds for IP to be banned for - default 10 minutes) and findtime (unban the IP if no match is found in the logs within “findtime” seconds).

For some services, say ssh and mail, you can increase these values - for example, set findtime to 24 hours (if it is too short, you loose a lot of blocked IP when you restart fail2ban) and bantime to 8 hours.

bantime  = 28800 #ban for 8h
findtime = 86400 #use logs of last 24h
maxretry = 3 #default
notes/aggressive-fail2ban-settings.txt · Last modified: 2017/10/28 14:04 by admin
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Run by Debian Driven by DokuWiki