Bug#695734: Log IP instead of hostname
Having the IP address in the log would help prevent a potential denial of
service attack on fail2ban users. Consider this auth.log and fail2ban.log
auth.log:Jul 14 02:21:00 servername sshd: User admin from
search.example.org not allowed because none of user's groups are listed in
Access was really from attack.example.com [192.0.2.2]
fail2ban.log:2016-07-14 02:21:00,601 fail2ban.filter : WARNING Determined
IP using DNS Lookup: search.example.org = ['198.51.100.10']
And now search.example.org is blocked.
The concern is that a service like fail2ban only has the hostname to block with,
but that the attacker might also control their reverse DNS entry and be able to
block other hosts.
Gecko Software, Inc.