I think you want sudo fail2ban-client status 'jail name'

> On Oct 1, 2018, at 3:10 AM, Nick Howitt <n...@howitts.co.uk> wrote:
> 
> It is all to do with the sequence of events on your box and which element f2b 
> is trying to detect. As an example I've just had a similar message with the 
> postfix-sasl jail. An IP made a connection at 13:43:38 and failed 
> authentication in /var/log/secure at 13:43:38 and 13:43:41. These failures 
> hit the maillog at 13:43:41 and 13:43:43. F2b is detecting based on maillog 
> messages (there is no IP information in the secure log). F2b found the first 
> failure in the maillog at 13:43:41,003 and immediately banned at 
> 13:43:41,117. It then found the second failure at 13:43:43,298 but as the IP 
> was already banned at that point, at 13:43:44,223 I received the "already 
> banned" message.
> 
> It can happen more on disconnect type of events as well, as you may already 
> have existing open connections when f2b kicks in, and all the open 
> connections will disconnect after f2b has made the block.
> 
> Nick
> 
>> On 01/10/2018 01:06, James Moe via Fail2ban-users wrote:
>>> On 9/30/18 4:35 PM, James Moe via Fail2ban-users wrote:
>>> 
>>>   How do I ask iptables what is banned by fail2ban?
>>> 
>>   Found it:
>> $ iptables --list-rules f2b-assp
>> 
>>   And here is the entry for the example IP:
>> -A f2b-assp -s 185.36.81.145/32 -j REJECT --reject-with icmp-port-unreachable
>> 
>>   I have further noticed that the other jail, suricata, does not have
>> this issue even though the configuration is almost identical.
>> 
> 
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
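
An added example, not part of the original thread: a small parser that pairs each "already banned" notice in fail2ban.log with the preceding Ban for the same jail and IP and reports the gap, so the few-second race Nick describes can be told apart from notices arriving long after the ban. The log lines are constructed, and the 10-second window and the verdict labels are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample in fail2ban.log layout. The postfix-sasl entries reuse the
# timestamps from the message above; the addresses are documentation ranges.
SAMPLE_LOG = """\
2018-10-01 13:00:00,000 fail2ban.actions [1234]: NOTICE [assp] Ban 198.51.100.9
2018-10-01 13:20:00,500 fail2ban.actions [1234]: NOTICE [assp] 198.51.100.9 already banned
2018-10-01 13:43:41,003 fail2ban.filter [1234]: INFO [postfix-sasl] Found 203.0.113.7
2018-10-01 13:43:41,117 fail2ban.actions [1234]: NOTICE [postfix-sasl] Ban 203.0.113.7
2018-10-01 13:43:43,298 fail2ban.filter [1234]: INFO [postfix-sasl] Found 203.0.113.7
2018-10-01 13:43:44,223 fail2ban.actions [1234]: NOTICE [postfix-sasl] 203.0.113.7 already banned
"""

# Timestamp, then "[jail] Ban <ip>", "[jail] Unban <ip>" or "[jail] <ip> already banned".
EVENT = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) .*?\[(?P<jail>[^\]\s]+)\] "
    r"(?:(?P<verb>Ban|Unban) (?P<ip>\S+)|(?P<dup>\S+) already banned)"
)

def already_banned_report(log_text, race_window=10.0):
    """Return (jail, ip, seconds_since_ban, verdict) per 'already banned' line.

    race_window is an assumed threshold: a notice inside it is treated as the
    detection/ban race; a later one suggests checking that the ban action
    really blocks the traffic (e.g. iptables --list-rules f2b-<jail>).
    """
    banned_at = {}  # (jail, ip) -> time of the Ban currently in force
    report = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # "Found" and unrelated lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        if m["verb"] == "Ban":
            banned_at[(m["jail"], m["ip"])] = ts
        elif m["verb"] == "Unban":
            banned_at.pop((m["jail"], m["ip"]), None)
        else:
            key = (m["jail"], m["dup"])
            if key not in banned_at:
                report.append((*key, None, "no-ban-in-log"))
                continue
            delta = round((ts - banned_at[key]).total_seconds(), 3)
            verdict = "race" if delta <= race_window else "check-ban-action"
            report.append((*key, delta, verdict))
    return report

if __name__ == "__main__":
    for row in already_banned_report(SAMPLE_LOG):
        print(*row)
```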

