I see how one can manually ban a specific IP for a specific length of time. What I'd like to so is configure BanDaemon to automatically ban IPs for a length of time which I choose. Looking through config.inc.php I didn't notice an option to set the time of a ban for IPs. Is this possible with BanDaemon? If not possible to configure this, what is the default period of ban?
Hello paka, it is not possible to configure the ban time itself. Bandaemon uses an increasing amount of ban time so if an ip has already been banned before the ban time is higher at the next ban. There is a setting "bantime_factor" that can be altered for each of the banning subsets, e. g. you can create a file 100-bantime-ssh.conf in the conf.d folder of bandaemon. In there you define Code: ident = ssh bantime_factor = 2.5 This will set the increasing ban time score to 2.5 times the value of the default (0.1 to 10.0 are valid values). This is only indirectly linked to the ban time, because that one depends on the "suspicion score" of requests (e.g. origin country, previous bans, subnet etc.).
Cheers for the explantation. I'm always more comfortable when I know the logic of the software. Everything I've used connected with ISPConfig has been solid and support clear & accurate. While I've seen BanDaemon referred to as a replacement for Fail2Ban, it does seem BanDaemon monitor and protects against more than Fali2Ban. For this I'm happy to support BanDamemon.
