
Question Fail2Ban after a Server Restart

Zardiw

Basic Pleskian
It seems that the existing bans get 'lost' on a Server Restart.

I had over 55 pages (100 per page) before the restart, and only 7 now

How can I make it save the bans it had before and keep using those?

It seems counter-intuitive to lose the bans of aholes from before the restart.

I am truly hard core on this.....my retry is ONE. My ban period is 7 months I think...I'd like to make it permanent.....They need some STRICT International Laws and Enforcement on the people that try to hack into computer systems. I would have no problem putting them against a wall and shooting them. FWIW, this costs the world BILLIONS, and UNTOLD Pain and Suffering.

PS. I've wondered what the 'retry count' truly represents. Is it the nr of retries after a failed login, or the total nr of login tries allowed?

Because I want a person to get ONE try to login. If they fail, they get banned.

Thank you

z
 
Hmm......We're back to 50 some pages now.

Did Fail2Ban just need time to reload them from a database table/file, OR is that just reflective of thousands of new failed login attempts?

z
 
Fail2ban works by reading logs in real time and adding rules to the iptables firewall.
It adds a (temporary) rule (ban in fail2ban speak) to iptables when it sees something in a log that corresponds with a jail/filter and removes that rule again when the ban time is over.

You even lose every fail2ban ban when you restart a server, or iptables or fail2ban itself.

iptables is restarted at a server restart, which means the temporary rules are gone. After a server restart or a fail2ban restart, fail2ban then starts reading all the logs again and re-bans everything it sees that matches a jail.

If you ever add a permanent iptables rule and restart iptables, you also need to restart fail2ban.

regards
Jan
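
A simplified model of the mechanism described in the post above, added here as an illustration (it is not fail2ban's code and not from any poster): a jail counts log failures per IP inside a `findtime` window, bans when the count reaches `maxretry`, and a fresh jail rebuilds its bans by re-reading the log. The log format, regex, class and function names are assumptions, the sample lines are constructed, and a negative `bantime` is treated as permanent.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not from the thread); IPs are documentation ranges.
SAMPLE_LOG = """\
2024-05-01 10:00:00 sshd: Failed password for root from 203.0.113.5
2024-05-01 10:00:30 sshd: Failed password for admin from 198.51.100.7
2024-05-01 10:01:00 sshd: Accepted password for alice from 192.0.2.10
2024-05-01 10:02:00 sshd: Failed password for admin from 198.51.100.7
2024-05-01 10:30:00 sshd: Failed password for root from 203.0.113.5
"""
FAIL_RE = re.compile(r"^(\S+ \S+) sshd: Failed password for \S+ from (\S+)$")

class Jail:
    """Toy jail: ban an IP once it has maxretry failures inside findtime."""
    def __init__(self, maxretry, findtime, bantime):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.failures = {}   # ip -> timestamps of recent failures
        self.bans = {}       # ip -> expiry time, or None for a permanent ban

    def banned(self, ip, now):
        return ip in self.bans and (self.bans[ip] is None or self.bans[ip] > now)

    def feed(self, line):
        m = FAIL_RE.match(line)
        if not m:
            return                      # line does not match the filter
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if self.banned(ip, ts):
            return
        # Keep only failures that are still inside the findtime window.
        recent = [t for t in self.failures.get(ip, []) if ts - t <= self.findtime]
        recent.append(ts)
        self.failures[ip] = recent
        if len(recent) >= self.maxretry:
            # Negative bantime models a permanent ban (stored as None).
            self.bans[ip] = None if self.bantime < timedelta(0) else ts + self.bantime

    def active_bans(self, now):
        return sorted(ip for ip in self.bans if self.banned(ip, now))

def replay(log, **cfg):
    """Build a fresh jail (empty ban state, as after a restart) and re-read the log."""
    jail = Jail(**cfg)
    for line in log.splitlines():
        jail.feed(line)
    return jail
```

In this model `maxretry=1` bans on the first matching failure, and a newly created `Jail` holds no bans until `replay` has fed it the log again.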
 
Thank you!

Well, that seems counter-intuitive.
And from what you are saying, it appears that these 'bans' aren't treated very seriously, in that Fail2Ban just starts over and re-reads the logs again to regenerate them.

1. Having to read the entire logs again is a waste of time, imo.
2. How do you change/make Permanent iptables rules?
3. Fail2ban restarts automatically on a server restart.....fwiw.

It would seem to make more sense to save these bans somewhere.......

z
 