[RFE]: no unban on exit #3038

Closed
Olivier6767 opened this issue Jun 9, 2021 · 1 comment
@Olivier6767

Feature request type

Add option to avoid running unban of all IPs at shutdown

Description

I'm using fail2ban to add banned IPs to an external Firewall Group that has a DENY rule associated (Firewall is Unifi UDM-Pro).
I'm not using the host-based IP filters at all.
However, when I stop or restart fail2ban, it runs the UNBAN action, which removes the IP addresses from the firewall group.
This means that while fail2ban is stopped, the IP addresses are not banned anymore at the firewall level.
This is what I would like to avoid.
Similarly to the <norestored = 1> parameter, could we have a <no_unban_on_exit = 1> setting?
My settings are:

actionflush =
actionstart =
actionstop =
actioncheck =
actionban = <script-ban> <ip>
actionunban = <script-unban> <ip>

Considered alternatives

I thought that setting actionflush to blank would avoid the IPs to be banned when fail2ban stops but this does not seem to be the case.

Any additional information

This could be useful for anyone using a persistent method to block IPs (external firewall) where the start/stop of fail2ban should not automatically clear out all the bans.

@sebres sebres changed the title [RFE]: [RFE]: no unban on exit Jun 9, 2021
@sebres sebres added how-to and removed enhancement labels Jun 9, 2021
@sebres
Contributor

sebres commented Jun 9, 2021

Well, "no unban on exit" cannot be distinguished at the moment from a stop of the jail or a stop or restart of the fail2ban service. Although I don't understand why a timing unban may be expected, but no unban if fail2ban is stopped, also for example how you would get the IPs "unbanned" (whatever your script is doing) after a restart of fail2ban if they will not be triggered due to norestored.
But if you really need it so...

> I thought that setting actionflush to blank would avoid the IPs to be banned when fail2ban stops but this does not seem to be the case.

No, actionflush is empty by default (empty command in command actions means - it is unspecified).
Just set actionflush to some no-op command of your shell, like true or : (a colon) and this will work:

actionflush = true

Thus this RFE is already implemented :)
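A check for the situation discussed in this thread, as an added example that is not part of the issue or of fail2ban's own code: it reads one action definition and reports whether bans pushed to an external firewall survive a stop or restart. The function name `flush_behaviour`, its return labels and the sample file contents are assumptions made for illustration; it inspects a single file only and does not follow `[INCLUDES]` or `.local` overrides.

```python
import configparser

# Shell no-ops named in the thread as suitable actionflush values.
NOOP_COMMANDS = {"true", ":"}

def flush_behaviour(action_conf_text):
    """Classify what happens to existing bans when the jail or service stops."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(action_conf_text)
    if not cp.has_section("Definition"):
        raise ValueError("no [Definition] section in action file")

    def option(name):
        return cp.get("Definition", name, fallback="").strip()

    flush, unban = option("actionflush"), option("actionunban")
    if not flush:
        # Empty means unspecified: actionunban is run for every banned IP on stop.
        return "unban-each-ip" if unban else "nothing-to-undo"
    if flush in NOOP_COMMANDS:
        # The no-op is run once as the flush; the external bans are left in place.
        return "bans-kept"
    # Any other command is run once on stop in place of the per-IP unbans.
    return "custom-flush"

# Constructed sample: the settings quoted in the issue, placeholders as on the page.
REPORTED_CONF = """\
[Definition]
actionflush =
actionstart =
actionstop =
actioncheck =
actionban = <script-ban> <ip>
actionunban = <script-unban> <ip>
"""

# Same file with the fix suggested in the reply.
FIXED_CONF = REPORTED_CONF.replace("actionflush =", "actionflush = true")

if __name__ == "__main__":
    for label, text in (("reported", REPORTED_CONF), ("fixed", FIXED_CONF)):
        print(label, "->", flush_behaviour(text))
```
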
