action.d/*.conf: correct comments for actionstart/actionstop

config/action.d/abuseipdb.conf

@@ -48,13 +48,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/blocklist_de.conf

@@ -31,13 +31,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/bsd-ipfw.conf

@@ -11,14 +11,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =  [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )

config/action.d/cloudflare.conf

@@ -15,13 +15,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/complain.conf

@@ -41,13 +41,13 @@ debug = 0
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/dshield.conf

@@ -32,13 +32,13 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile>.buffer ]; then

config/action.d/dummy.conf

@@ -7,7 +7,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = if [ ! -z '<target>' ]; then touch <target>; fi;
@@ -22,7 +22,7 @@ actionflush = printf %%b "-*\n" <to_target>
               echo "%(debug)s clear all"
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi;

config/action.d/hostsdeny.conf

@@ -8,13 +8,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 

config/action.d/ipfilter.conf

@@ -9,15 +9,15 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # enable IPF if not already enabled
 actionstart = /sbin/ipf -E
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # don't disable IPF with "/sbin/ipf -D", there may be other filters in use

config/action.d/ipfw.conf

@@ -8,14 +8,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 

config/action.d/iptables-allports.conf

@@ -14,15 +14,15 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
               <iptables> -A f2b-<name> -j <returntype>
               <iptables> -I <chain> -p <protocol> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>

config/action.d/iptables-ipset-proto4.conf

@@ -24,7 +24,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset --create f2b-<name> iphash
@@ -38,7 +38,7 @@ actionstart = ipset --create f2b-<name> iphash
 actionflush = ipset --flush f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>

config/action.d/iptables-ipset-proto6-allports.conf

@@ -23,7 +23,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
@@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
 actionflush = ipset flush <ipmset>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype>

config/action.d/iptables-ipset-proto6.conf

@@ -23,7 +23,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
@@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
 actionflush = ipset flush <ipmset>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>

config/action.d/iptables-multiport-log.conf

@@ -16,7 +16,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -34,7 +34,7 @@ actionflush = <iptables> -F f2b-<name>
               <iptables> -F f2b-<name>-log
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

config/action.d/iptables-multiport.conf

@@ -11,15 +11,15 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
               <iptables> -A f2b-<name> -j <returntype>
               <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

config/action.d/iptables-new.conf

@@ -13,15 +13,15 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
               <iptables> -A f2b-<name> -j <returntype>
               <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>

config/action.d/iptables-xt_recent-echo.conf

@@ -12,7 +12,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # Changing iptables rules requires root privileges. If fail2ban is
@@ -42,7 +42,7 @@ actionstart = if [ `id -u` -eq 0 ];then <iptables> -I <chain> -m recent --update
 actionflush = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = echo / > /proc/net/xt_recent/<iptname>

config/action.d/iptables.conf

@@ -11,15 +11,15 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
               <iptables> -A f2b-<name> -j <returntype>
               <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>

config/action.d/mail-buffered.conf

@@ -10,7 +10,7 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -20,7 +20,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile> ]; then

config/action.d/mail-whois-lines.conf

@@ -15,7 +15,7 @@ before = mail-whois-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -24,7 +24,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n

config/action.d/mail-whois.conf

@@ -14,7 +14,7 @@ before = mail-whois-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -23,7 +23,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n

config/action.d/mail.conf

@@ -10,7 +10,7 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -19,7 +19,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n