Question: Excessive fail2ban banned hosts may flood memory?

Hello guys

I'm using fail2ban in Plesk and it's working pretty smoothly. I extended the ban period to months (instead of just some minutes), and the list of banned hosts grows as expected. At this time the list of banned hosts is about 8K, not a problem at all, for now.

My question is whether an excessive number of banned hosts might lead to other problems, like memory flooding or an iptables/kernel crash?

I see it's all about iptables rules, but I don't know if all these rules are stored in memory or in a file for real-time lookup.

As I said, I have no problems at this time, just thinking ahead.

Regards

Fail2Ban uses iptables, and iptables stores rules in its own "database". I am not aware of a limit, but 8,000 sounds like a whole lot. One downside of that is that it will most definitely slow down your network interface, because each connection needs to run through all these entries before it is passed or dropped.

Are you aware that you also have a "recidive" jail in Fail2Ban? If you combine a short drop for first-time offenders with a long drop for repeat offenders, you normally don't need thousands of jail entries. All the first-time offenders and one-shot attempts will be blocked for a short time; the repeat offenders will remain in iptables for a longer time. You'll maybe only have a fourth of your current entries.
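The layered approach described above, written out as a fail2ban `jail.local` (an added example, not from the original posts): the `sshd` jail name and the time values are assumptions, and since Plesk manages jails through its own UI, the jail names on a Plesk server may differ.

```ini
[DEFAULT]
# Short first-offence ban: one-shot scanners rarely return, so their
# iptables entries expire in minutes instead of piling up for months.
bantime  = 10m
findtime = 10m
maxretry = 5

[sshd]
# Example service jail (assumed name); it inherits the short bantime above.
enabled = true

[recidive]
# Watches fail2ban's own log for hosts that keep getting banned and
# re-bans them on all ports for much longer. Only repeat offenders
# accumulate long-lived iptables rules.
enabled   = true
logpath   = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime   = 4w
findtime  = 1d
maxretry  = 3
```

`fail2ban-client status recidive` shows how many hosts the long-term jail currently holds, which should stay far below the short-term jails' churn.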
Thanks for your reply. Yes, I'm aware of recidive; I will change the approach to what you suggest. I agree there will be a lot fewer hosts.