Package: fail2ban
Severity: normal

All pieces of documentation that pertain to the 'findtime' option seem to
suggest that fail2ban's behaviour is the following:

<<A host is banned if it has generated 'maxretry' [failures] during the
last 'findtime' seconds.>> [examples/jail.conf]

<<Any IP which had enough [meaning 'maxretry' or more] failed logins
within 'findtime' will be banned for 'bantime'.>> [README.Debian.gz]

This is wrong and misleading. This option should more correctly have
been named 'resettime'.  In fact, in all versions, from Etch's 0.7.5
up to and including the latest 0.8.3, the behaviour is the following:

<<When a match is found, this increments the counter. If the counter
reaches 'maxretry' then the offending host is banned. The counter is set
to zero if no match is found within 'findtime'. [...] I consider this
as a bug and will fix it in a future release.>>
[Cyril Jaquier, upstream developer, from this post:
http://sf.net/mailarchive/message.php?msg_id=47A8D9AF.1090900%40fail2ban.org]

I lost several days trying to figure out what I was doing wrong.
I think this behaviour should be clearly documented, at least in the
Debian package.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
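
The difference between the two 'findtime' behaviours quoted in the report above, as an added example that is not part of the original report and is not fail2ban source code. It models the documented wording as a sliding window and the upstream description as a counter that resets after a quiet period; the function names, timestamps and the 600 s / 3 retry settings are constructed for illustration.

```python
# Added illustration: a model of the two 'findtime' semantics quoted in this
# report. Not fail2ban code; every name and value here is hypothetical.

def ban_time_documented(failures, maxretry, findtime):
    """Sliding window (assumed reading of the docs): ban once 'maxretry'
    failures fall within the last 'findtime' seconds. Returns ban time or None."""
    window = []
    for t in sorted(failures):
        window.append(t)
        # Keep only failures newer than 'findtime' relative to this one.
        window = [x for x in window if t - x < findtime]
        if len(window) >= maxretry:
            return t
    return None


def ban_time_reset_counter(failures, maxretry, findtime):
    """Behaviour quoted from upstream: each match increments a counter that
    is zeroed only when no match is found within 'findtime'."""
    count = 0
    last = None
    for t in sorted(failures):
        if last is not None and t - last >= findtime:
            count = 0  # a quiet period of 'findtime' elapsed: counter reset
        count += 1
        last = t
        if count >= maxretry:
            return t
    return None


# Constructed sample data: failure timestamps (seconds) for a single host.
FINDTIME = 600
MAXRETRY = 3
BURST = [0, 10, 20]       # three failures within 20 s
SPREAD = [0, 500, 1000]   # three failures over 1000 s, each gap < findtime
SPARSE = [0, 700, 1400]   # every gap longer than findtime


def compare(failures):
    """Return (documented_ban_time, reset_counter_ban_time)."""
    return (ban_time_documented(failures, MAXRETRY, FINDTIME),
            ban_time_reset_counter(failures, MAXRETRY, FINDTIME))


if __name__ == "__main__":
    for name, sample in (("burst", BURST), ("spread", SPREAD), ("sparse", SPARSE)):
        print(name, compare(sample))
```

The SPREAD case is where the two models disagree: the failures never fit inside one 600 s window, yet the reset-counter model bans the host at the third failure, which is how occasional mistyped logins can lead to an unexpected ban.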


