Displaying 18 results from an estimated 18 matches for "maxelem".
2011 Aug 02
3
[Bug 733] New: ipset restore won't restore from output of ipset save
http://bugzilla.netfilter.org/show_bug.cgi?id=733
Summary: ipset restore won't restore from output of ipset save
Product: ipset
Version: unspecified
Platform: All
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: default
AssignedTo: netfilter-buglog at
2019 Apr 26
2
fail2ban detecting and banning but nothing happens
...221 185.36.81.165 188.165.238.157 203.2.118.130 209.166.164.71 210.6.94.23 211.72.92.124 27.156.139.95 27.156.176.146 41.164.192.74 45.227.253.100 45.227.253.99 49.87.109.233 52.38.234.254
[root@ollie2 ~]# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600000
Size in memory: 120
References: 0
Number of entries: 0
Members:
Name: fail2ban-dovecot
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600000
Size in memory: 3768
References: 0
Number of entries: 41
Members:
185.211.245.198 timeout 4294522
[...
2013 Dec 03
8
[Bug 880] New: ipset doesn't refresh the timeout for an existing entry when the table is FULL.
...tedBy: xose.vazquez at gmail.com
Estimated Hours: 0.0
ipset doesn't refresh timeout for an existing entry when the table is FULL.
- Version-Release number of selected component:
kernel: 3.11.10-200.fc19.x86_64
ipset: v6.20.1
- Steps to Reproduce:
# ipset create http hash:ip timeout 0 maxelem 5
# ipset add http 192.168.0.1
# ipset add http 192.168.0.2
# ipset add http 192.168.0.3
# ipset add http 192.168.0.4
# ipset list
Name: http
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 5 timeout 0
Size in memory: 16784
References: 0
Members:
192.168.0.3 timeout 0
192.168.0....
2013 May 13
2
[Bug 819] New: ipset create setname timeout 2147484 records greater timeout
https://bugzilla.netfilter.org/show_bug.cgi?id=819
Summary: ipset create setname timeout 2147484 records greater
timeout
Product: ipset
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: default
AssignedTo:
2017 Jul 19
3
under some kind of attack
Hi Robert,
On 07/18/2017 11:43 PM, Robert Schetterer wrote:
> I guess not, but typical bots aren't using SSL, check it
>
> however fail2ban sometimes is too slow
I have configured dovecot with
auth_failure_delay = 10 secs
I hope that before the 10 sec are over, dovecot will have logged about
the failed login attempt, and fail2ban will have blocked the ip by then.
MJ
2017 Jul 19
0
under some kind of attack
...-A INPUT -p tcp --dport 143 -m set --match-set imap-bl src -j DROP
/etc/fail2ban/jail.conf:
[imap]
...
action = ipset[name=imap-bl]
/etc/fail2ban/action.d/ipset.conf:
[Definition]
# fail2ban tracks, so we dont use ipset timeout
actionstart = /usr/sbin/ipset -exist create <name> hash:ip maxelem 131072
actionstop = /usr/sbin/ipset -exist flush <name>
actioncheck =
actionban = /usr/sbin/ipset -exist add <name> <ip>
actionunban = /usr/sbin/ipset -exist del <name> <ip>
You may have to ensure the ipset is present before referencing it in iptables,
for examp...
2013 Aug 12
2
[Bug 840] New: Specifying CIDR when adding to a hash:ip entry is silently ignored
...gnedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: quentin at armitage.org.uk
Estimated Hours: 0.0
# ipset create foo hash:ip netmask 24
# ipset add foo 1.2.3.4/24
# ipset add foo 1.2.4.5/32
# ipset list foo
Name: foo
Type: hash:ip
Revision: 0
Header: family inet hashsize 1024 maxelem 65536 netmask 24
Size in memory: 16536
References: 0
Members:
1.2.4.0
1.2.3.0
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
2019 Oct 08
2
[Bug 1369] New: ipset save|list -sorted sorts alphabetically instead of naturally
...0.0.
Version-Release number of selected component (if applicable):
ipset-7.2
How reproducible:
Always
Steps to Reproduce:
1. ipset create foo hash:net
2. ipset add foo 95.0.0.0/8
3. ipset add foo 107.0.0.0/8
4. ipset save foo -sorted
Actual results:
create foo hash:net family inet hashsize 1024 maxelem 65536
add foo 107.0.0.0/8
add foo 95.0.0.0/8
Expected results:
create foo hash:net family inet hashsize 1024 maxelem 65536
add foo 95.0.0.0/8
add foo 107.0.0.0/8
2019 Apr 19
2
fail2ban detecting and banning but nothing happens
On Friday 19 April 2019 15:19:26 Pete Biggs wrote:
> > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested
> > on another page:
>
> The standard exim.conf already has a 535 filter. Was that not working
> for you?
I was following the instructions as shown on the page. I did find after
sending my post that there was already a regex in the standard
2017 Jun 16
2
[Bug 1158] New: using old session data when piping multiple commands
...dd test 1.1.1.1\nadd test_iface 2.2.2.2\nadd test 3.3.3.3\n" |
./ipset -
ipset v6.32: Syntax error: Second element is missing from 2.2.2.2.
ipset v6.32: Syntax error: Second element is missing from 3.3.3.3.
# ./ipset list
Name: test
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 448
References: 0
Members:
1.1.1.1
Name: test_iface
Type: hash:net,iface
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 416
References: 0
Members:
Printing "setname" and "typename" in types.c:adt_type_get() shows that in the...
2016 Dec 09
4
[Bug 1101] New: SET target unreliable in iptables - add does not work as expected
https://bugzilla.netfilter.org/show_bug.cgi?id=1101
Bug ID: 1101
Summary: SET target unreliable in iptables - add does not work
as expected
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
2017 Feb 08
3
[Bug 1119] New: Hash code evicting other entries upon entry deletion (v6.25.1-v6.30)
...set does not issue an error.
This is the listing of a set that's failed after all its entries have been
removed. Note the size of memory and number of entries compared to the flushed
version:
~/ipset/src # ipset list test
Name: test
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 13128
References: 0
Number of entries: 3
Members:
~/ipset/src # ipset flush test
~/ipset/src # ipset list test
Name: test
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 120
References: 0
Number of entries: 0
Members:
~/ipset/src #
I...
2012 Sep 30
12
shorewall dynamic zones confusion
...tcpflags,dhcp,nosmurfs,blacklist
I know it differs from the documentation by specifying non-default
options, but I would like to keep at least blacklist for now until the
dynamic zones get fully tested. The ipsets are generated as:
Name: nocom_lanif_3
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16504
References: 24
Members:
Name: nonet_lanif_3
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16504
References: 12
Members:
I've observed two strange/misunderstood behaviors/errors:
1. shorewall show dynamic nonet
returns nothing and...
2023 Oct 25
4
[Bug 1719] New: ipset wrongly blocking undefined ranges and not blocking ranges that are defined
...g/attachment.cgi?id=727&action=edit
ipset blacklist (1881 entries)
As used version is not available in above version list: ipset v6.29, protocol
version: 6. OS is CentOS (RHEL).
$ ipset -L -n
blacklist
$ ipset -L -t
Name: blacklist
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 57600
References: 1
Number of entries: 1881
$ ipset test blacklist 108.174.0.158
108.174.0.158 is in set blacklist.
$ ipset test blacklist 108.174.1.10
108.174.1.10 is in set blacklist.
$ ipset test blacklist 108.174.8.95
108.174.8.95 is in set blacklist.
Above tested IP a...
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
...vc is allowed in the current policy
allow fail2ban_t sysfs_t:file { getattr open read };
When I load this new module I can restart fail2ban and
it finally is able to create a working ipset:
[root@camus ~]# ipset list
Name: f2b-apache
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 10800
Size in memory: 408
References: 1
Number of entries: 3
Members:
223.167.32.161 timeout 10149
93.174.93.143 timeout 10149
5.164.24.192 timeout 10149
I'm neither a fail2ban nor a SELinux expert, but it seems the
standard fail2ban SELinux policy as provided by CentOS 7 is not...
2013 Aug 13
3
[Bug 844] New: Can set apparently invalid netmask for hash:ip
...reate foo hash:ip family ipv6 netmask 1
ipset v6.19: Syntax error: '1' is out of range 4-124
However, the following does not fail:
# ipset create foo hash:ip netmask 1 family ipv6
# ipset add foo ffff::
# ipset list foo
Name: foo
Type: hash:ip
Revision: 0
Header: family inet6 hashsize 1024 maxelem 65536 netmask 1
Size in memory: 16504
References: 0
Members:
8000::
Is there a reason why a netmask of 32 cannot be specified for ipv4 hash:ip
sets, and also netmasks of 1,2,3,125,126,127 and 128 can't be specified for
ipv6 sets?
It would be very helpful for me if an ipv4 netmask of 32 and an...
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
...et add test 1.2.3.4
root@gir:~# ipset list --output json
[
{
"name" : "test",
"type" : "hash:ip",
"revision" : 6,
"header" : {
"family" : "inet",
"hashsize" : 1024,
"maxelem" : 65536,
"bucketsize" : 12,
"initval" : 0xdcadf93b,
---
This is the point where parsing fails. The "0x" prefix is not part of the JSON
grammar [1]. Popular JSON parsers fail on this:
---
root@gir:~# ipset list -output json | jq .
jq: parse erro...
2020 Apr 09
2
fail2ban firewalld problems with current CentOS 7
Hi!
I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities.
On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.
Fail2ban is configured to use firewalld:
[root@server ~]# ll /etc/fail2ban/jail.d/
insgesamt 12