Score:0

Fail2Ban blocks ip despite both ignoreself and ignoreip being set in jail.local

solution: The IP range in ignoreip was set incorrectly using CIDR. It should have been 192.168.2.0/24 rather than 192.168.2.1/32.

original post:

Another user had a similar problem caused by conflicting ignoreip settings (jail.local's ignoreip replacing jail.conf's). However, the only ignoreip I am using is the one in jail.local, and I have not edited jail.conf at all, so that user's solution did not apply to me.

I've made the following changes in jail.local:

>diff /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

87c87
< #ignoreself = true
---
> ignoreself = true
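Review bot: `ignoreself = true` on the `>` line only exempts the addresses of the fail2ban host itself; it says nothing about other hosts on the LAN, so it cannot be what keeps 192.168.2.13 from being banned, and the whitelist for that host has to come from ignoreip.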
92c92
< #ignoreip = 192.168.2.0/255
---
> ignoreip = 192.168.2.1/32 ::1
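Review bot: the `>` line, `ignoreip = 192.168.2.1/32 ::1`, whitelists the single address 192.168.2.1 only; a /32 prefix covers exactly one host, so 192.168.2.13, the address the log later shows being banned, is outside it. To exempt the whole 192.168.2.0 network the entry needs a /24 prefix, `ignoreip = 192.168.2.0/24 ::1`, which is what the solution at the top of the question confirms.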
101c101
< bantime = 10m
---
> bantime = -1
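Review bot: `bantime = -1` on the `>` line makes every ban permanent, so a whitelist mistake such as the one in the ignoreip hunk locks the admin host out until someone runs `fail2ban-client set sshd unbanip` by hand, exactly as the question describes; keep a finite bantime (the default `10m` on the `<` line, or a longer value) until the ignoreip entry has been verified against the host you intend to exempt.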
208c208
< banaction = iptables-multiport
---
> banaction = iptables-allports

All of these changes are within the [DEFAULT] block.

I've >sudo /etc/init.d/fail2ban restart'ed many times, and >sudo shutdown -r 0'd many times as well. Despite this, every time I try to intentionally fail ssh logins from 192.168.2.13, the IP gets blocked after 5 tries. After this, I have to manually unban it using >sudo fail2ban-client set sshd unbanip 192.168.2.13.

>tail /var/log/fail2ban.log

2021-08-20 21:43:57,190 fail2ban.jail [1703]: INFO Jail 'sshd' started
2021-08-20 21:44:04,082 fail2ban.filter [1703]: INFO [sshd] Found 192.168.2.13 - 2021-08-20 21:44:03
2021-08-20 21:44:05,792 fail2ban.filter [1703]: INFO [sshd] Found 192.168.2.13 - 2021-08-20 21:44:05
2021-08-20 21:44:10,357 fail2ban.filter [1703]: INFO [sshd] Found 192.168.2.13 - 2021-08-20 21:44:09
2021-08-20 21:44:15,613 fail2ban.filter [1703]: INFO [sshd] Found 192.168.2.13 - 2021-08-20 21:44:15
2021-08-20 21:44:19,166 fail2ban.filter [1703]: INFO [sshd] Found 192.168.2.13 - 2021-08-20 21:44:19
2021-08-20 21:44:19,216 fail2ban.actions [1703]: NOTICE [sshd] Ban 192.168.2.13

Duplicating jail.local (with the appropriate ignoreip, etc.) as jail.conf also did not work.

Any ideas?

Score:1

Ignoring 192.168.2.1/32 would mean you are ignoring that IP alone. But in the logs you've shown you're banning 192.168.2.13. I think you've made a typo. I think your ignoreip should be

ignoreip = 192.168.2.13/32 ::1

Thank you for the response. I realized after reading it where the error was: I was using the wrong CIDR prefix. Like you said, /32 is just a single IP. 192.168.2.0/24 works as intended. Thanks again!