On Saturday 09 November 2019 08:59:14 Michael wrote:
> Rather then to use fail2ban for this, I would create un ipset that
> fail2ban can populate then use that ipset in iptables.
i agree, but:
> One advantage of this is that you can add/delete ip from the ipset
> without having to restart fail2ban/iptables.
RTFM
fail2ban allows you to 'unban' an ip address as well:
> man fail2ban-client
set <JAIL> unbanip <IP>
manually Unban <IP> in <JAIL>
Whats this "jail"? The beginners tut seems to assume we've all had
cs101
thru cs401 and Just Know all the secret handshakes bs already. Sorry,
I've been hiding behind dd-wrt for about 2 decades and never had to
worry about it before.
Besides that the jail.d subdir of the install is empty. No jail.example
file to give one an inkling of what its supposed to be like. Theres
zero tutorial value in that. I was able, with the help of another
responder to carve up some iptables rules to stop the DDOS that
semrush,
yandex, bingbot, and 2 or 3 others were bound to do to me.
Understand I have no objections to those folks indexing my site so
their
search engines can find stuff, but to just repeatedly download the
whole
thing, copying it forever, reaching into nooks and crannies I don't
even
link to, using all my upload bandwidth for weeks at a time, will bring
me to battle stations. And we both will suffer because of their poor
behavior.
greetings...
Cheers, Gene Heskett