On Mon, 2010-08-09 at 00:38 +0000, Joseph L. Casale wrote: > I created a filter and verified it with fail2ban-regex against > actual lines in my log and it works. During restarts of fail2ban, > only some previous ip's get banned immediately whereas some need a > reoccurrence despite the jail's config specification of maxretry and > findtime suggesting the entries mandate blocking. > > I'd assume the behavior after a restart is noe way if it weren't for > the seemingly random immediate notification of blocks being different? > > Anyone with experience using fail2ban know anything about this? > > Thanks, > jlc --- Stop it at the Edge Router not the machine. Adding layers of security become problems like you are getting. Ban the ip block with iptables. John