config show fail2ban
I never understood why sysadmins never trusted fail2ban: it bans for all the time you need, and three bans later you go to recidive for 15 days… there is one guilty here… Me
We have changed the ban engine: we store the IP list in ipset. It is really fast, but it is limited to 2^16 records per set. Before, we used a list in a JSON file; it was slow to read and not efficient.
So the perpetual recidive is still workable until you reach 65500 IPs inside
Hum… We could increase the maxelem
when we create the set
I think we have something to do here
In the meantime it complains about the hashfile, so maybe we need to increase it; probably not related to the number of IPs
When we create the set, maybe we need to increase the hash
Could you try a fix?
ipset destroy f2b-recidive
ipset create f2b-recidive -exist hash:ip hashsize 32768 maxelem 80000 timeout 0
Thanks… I tried to ipset destroy f2b-recidive
getting error: ipset v7.1: Set cannot be destroyed: it is in use by a kernel component
Also tried stopping the fail2ban module before running the ipset command; still getting the same error above.
Try first
shorewall stop
Create the set
And restart shorewall
shorewall start
Thanks… that seems to work…
Made the change
Name: f2b-recidive
Type: hash:ip
Revision: 4
Header: family inet hashsize 32768 maxelem 80000 timeout 0
Size in memory: 120
References: 1
Number of entries: 0
Members:
Will monitor it for now… much appreciate the quick reply !
Have a good weekend.
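One way to do the monitoring mentioned above, added here as an example (it is not from any post in this thread or from the project's code): it parses `ipset list -t` style output like the listing above and reports each set's entry count against its `maxelem`. The second sample set and the 80% warning threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: report how full each ipset is relative to its maxelem.
# Reads `ipset list -t` style text on stdin and prints one line per set:
#   name entries maxelem pct status

ipset_fill() {
    # $1 = warning threshold in percent (assumed default: 80)
    awk -v warn="${1:-80}" '
        $1 == "Name:"   { name = $2; max = 0 }
        $1 == "Header:" {
            # maxelem is a key/value pair somewhere in the header line
            for (i = 2; i < NF; i++) if ($i == "maxelem") max = $(i + 1)
        }
        /^Number of entries:/ {
            n = $4
            pct = (max > 0) ? int(n * 100 / max) : 0
            printf "%s %d %d %d%% %s\n", name, n, max, pct, (pct >= warn ? "WARN" : "ok")
        }'
}

# Constructed sample input: the first set mirrors the listing in the thread,
# the second ("example-full") is made up to show a set close to its limit.
sample_sets() {
cat <<'EOF'
Name: f2b-recidive
Type: hash:ip
Revision: 4
Header: family inet hashsize 32768 maxelem 80000 timeout 0
Size in memory: 120
References: 1
Number of entries: 0

Name: example-full
Type: hash:ip
Revision: 4
Header: family inet hashsize 16384 maxelem 65536 timeout 0
Size in memory: 1500000
References: 1
Number of entries: 65500
EOF
}

# On a live system: ipset list -t | ipset_fill 80
sample_sets | ipset_fill 80
```

A set reported as WARN is close to the point where ipset refuses new entries with "Hash is full, cannot add more elements".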
Have a good holiday
In the meantime, if shorewall restarts, it will overwrite your changes
Maybe you could change the line below with your settings
Thank you…
Done it ! Appreciate the support …I think this will fix it !
Idea for the future: is it possible to somehow track those repeating IPs that keep offending into the recidive filter, such that the BanTime for those IPs will be proportionally increased by the user's settings?
Hi mates, we still have an rpm to be verified… thanks in advance
Thanks so much Stephane… will surely give this a try…
Please have a go, it is a trivial QA
Hello,
I am having a very similar problem after turning on some firehol lists in the Threat Shield.
Cron e-mail:
ipset v7.1: Error in line 131073: Hash is full, cannot add more elements
[WARNING] Can’t load bl-firehol_abusers_30d ipset
(Maybe should open another topic, but felt like it is a better place).
Yes new topic, this one is related to fail2ban
Hi sir, what does it mean? (maxelem 80000 timeout 0) Because I wanted to add Brazil to my country ban list, but it will consume a lot of memory.