Automatic bantime #71
Comments
indeed would be a good feature to have -- any takers? ;-)

That'll be a really nice feature!

I like the idea of iptables recent module.. Have the bantime start when the packets stop.

There is a filter called recidive. You simply set it to monitor fail2ban log and use it to set permanent bans for repeated offenders. It's not exactly what you want but pretty much accomplishes the same goal and you can already use it without waiting for this functionality to be added to fail2ban.

Another vote for an option to increase ban time exponentially where the exponent is some factor >= 1.0. I suppose I could write this myself, if I understood your protocol for accepting patches.

Thanks, you just saved me a lot of duplication of effort. I'll be patient.

Well, I would encourage you @johnwbyrd to look through #716 and express your opinion even on specifications of the incremental bans... I still feel that aiming at max flexibility they are a bit cumbersome but I could be convinced just to be biased ;)
but it is a bit "messy" just a little bit :)

implemented in #1460
IMHO Fail2ban should have an option to enable automatic bantime, which increases each time an IP gets blocked. Otherwise, an attacker could get to guess how many tries he can do in a given time and exploit your services without reaching that limit.
See http://www.sshguard.net/docs/faqs/#why-addresses-released for more info.
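
The two ideas raised in this thread, counting repeat offenders from the fail2ban log and growing the ban time by a factor >= 1.0 per repeat, can be sketched together as follows. This is an added example, not part of the thread and not fail2ban's own code; the log lines are constructed, and the names `base`, `factor` and `maxtime` are hypothetical parameters of this sketch, not fail2ban options.

```python
import re
from collections import Counter

# Constructed sample lines in the style of fail2ban.log (not from a real host).
SAMPLE_LOG = """\
2024-05-01 10:00:01,120 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2024-05-01 10:10:01,450 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
2024-05-01 10:12:44,002 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2024-05-01 10:20:13,310 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.23
2024-05-01 10:22:45,003 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
2024-05-01 10:25:09,871 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2024-05-01 10:26:00,000 fail2ban.filter [812]: INFO [sshd] Found 192.0.2.99
"""

# Match only "Ban <ip>" events; "Unban" and "Found" lines must not count.
BAN_RE = re.compile(r"\bNOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")


def count_bans(log_text):
    """Return a Counter mapping (jail, ip) to the number of Ban events seen."""
    bans = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if m:
            bans[(m["jail"], m["ip"])] += 1
    return bans


def next_bantime(prior_bans, base=600, factor=2.0, maxtime=7 * 86400):
    """Seconds to ban an address that was already banned prior_bans times."""
    if factor < 1.0:
        raise ValueError("factor must be >= 1.0, otherwise bans would shrink")
    if prior_bans < 0:
        raise ValueError("prior_bans cannot be negative")
    duration = float(base)
    for _ in range(prior_bans):
        duration *= factor
        if duration >= maxtime:  # stop early: capped, and avoids float overflow
            return maxtime
    return int(min(duration, maxtime))


def schedule(log_text, **params):
    """Map each (jail, ip) in the log to the length of its next ban."""
    return {key: next_bantime(n, **params)
            for key, n in count_bans(log_text).items()}
```

With `factor=1.0` the ban time stays fixed at `base`, which is the behaviour the issue asks to move away from; the cap keeps a long-lived offender from producing an unbounded value.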