'What does "Restore Ban" means in Fail2Ban logs?

Here's output from command sudo zgrep 'Ban' /var/log/fail2ban.log*

2021-11-02 17:11:14,167 fail2ban.actions        [30809]: NOTICE  [sshd] Ban 38.91.102.38
2021-11-02 17:12:27,085 fail2ban.actions        [31041]: NOTICE  [sshd] Restore Ban 38.91.102.38

What does "Restore Ban" means?

securityfail2ban


Solution 1:[1]

It means fail2ban is banning that IP after the service is started/restarted, and that ip was banned before, so fail2ban is restoring the state of 'ban' for that IP.

For example:

  1. At 1pm, IP 1.2.3.4 is banned for 1 day
  2. A few minutes later, the fail2ban service is shutdown due to a server reboot.
  3. When fail2ban starts again, it goes through the database and it bans 1.2.3.4 again.

Therefore the ban is restored.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 user65535

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

How to show or hide contents of an aspx page based on current user's roles

protect images on webpage from being copied/saved?

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

SSL certificate error for IE users only

How to access HttpContext and Request in RequireAssersion?

Send Public key(generated as seckeyref in iPhone) to server(in Java)

The EXECUTE permission is denied on the user-defined table types?

cannot commit or push using egit (guess: issues with secure storage area)

Authorisation in microservices - how to approach domain object or entity level access control using ACL?

Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec

SSL Java java.io.IOException: Invalid keystore format

preventing abuse of API service usage

Protecting or Licensing a Django Application