On 1/17/21 12:21 PM, Dan Mahoney (Gushi) wrote: > From what you're saying it sounds like fail2ban has to hit the EOF marker, > which would imply as long as one could fill the logs faster than fail2ban > can count, you can evade a block. > F2b starts a scan at the last position it stopped for the previous scan, and continues to the EOF. F2b opens the log file anew for each scan; it does not see any new data during the scan. You have not presented any log data that supports your claim that f2b does not ban matched log entries. The only bit in the first post showed f2b being restarted part way, then banning an offending IP after the restart.
-- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
