Fail2ban recidive

I understand the recidive settings in fail2ban are hardcoded. I changed the values in jail.local only to have my edits overwritten next time I restarted fail2ban.

The hardcode values is as the following;

bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 20

I would love to change the hardcoding to recidive to the following;

bantime = 7776000 ; 90 days
findtime = 86400 ; 1 day
maxretry = 3

Where might I dive into the hard code to find and change these values?

Pretty sure you need f2b >=0.9 for anything to survive a restart.

fail2ban-client version

I am running fail2ban v 0.8.14 that is packaged with PBX Version:

Back in

ver. 0.9.0 (2014/03/14) - beta

amonmg other things

Added fail2ban persistent database

default location at /var/lib/fail2ban/fail2ban.sqlite3
allows active bans to be reinstated on restart
log files read from last position after restart

Currently it is stable at

ver. 0.11.2 (2020/11/23) - heal-the-world-with-security-tools

not counting the current v 1. dev branch.

I believe the persistent database is for IP tables. Not for configuration settings. Or am in incorrect in this assumption?

The ‘persistance’ is of f2b’s acquired knowledge, it adds chains to ip tables based on that knowledge, , absent that knowledge, it can add nothing until the same guy shows up again or is in the watched log file which is likely less than 24hours old . If you move to >=0.9 it is stored in an sqlite3 database so the chains can be rebuilt on a restart and the lig file is only read from ‘latest ddate’

What would be the best way to update fail2ban for those using the Sangoma OS?


I can’t answer that as I don’t use it, so I would suggest that you just wait patiently for Sangoma either explain their thinking or get off the pot and update it.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.