Linux – Fail2ban settings after changing ssh port

Tags: fail2ban, ip-blocking, linux, Security, Ubuntu

I switched my ssh port to 22000 and I changed the port settings in /etc/fail2ban/jail.local to specify to ban on both 22 and 22000, but when I tried failing to log in 6 times, my connection was cut off but I was able to try logging in again immediately.

It appears my IP wasn't banned for an hour per the default bantime I set.

Is there something wrong with how I configured this?

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

[ssh]

enabled  = true
port     = ssh,22000
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6

Thanks.

EDIT:

Netstat output per request.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1061/master
tcp        0      0 0.0.0.0:27017           0.0.0.0:*               LISTEN      940/mongod
tcp        0      0 0.0.0.0:22000           0.0.0.0:*               LISTEN      1377/sshd
tcp        0      0 0.0.0.0:28017           0.0.0.0:*               LISTEN      940/mongod
tcp        0      0 0.0.0.0:8787            0.0.0.0:*               LISTEN      951/rserver
tcp6       0      0 :::25                   :::*                    LISTEN      1061/master
tcp6       0      0 :::22000                :::*                    LISTEN      1377/sshd

Best Answer

What I have seen by trying myself is that restarting the fail2ban daemon doesn't make it reload its configuration file. (Unlike most other daemons under Linux... I don't even know how it manages to save its configuration when stopped. Temporary files, I guess.)

The following command will solve your problem:

fail2ban-client reload

This executable can be used to poll status and for other interaction with the daemon.
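
A check to run before `fail2ban-client reload`, as an added example that is not part of the original question or answer: it confirms that every port sshd listens on appears in the jail's `port =` line. The function names and the sample input are constructed here; the name `ssh` is mapped to 22 and port ranges are not handled.

```shell
#!/bin/sh
# Print the "port =" value of jail $1 from jail.local-style text on stdin.
jail_ports() {
    awk -v jail="$1" '
        /^[ \t]*\[/ {
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            in_jail = (name == jail); next
        }
        in_jail && /^[ \t]*port[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, ""); print; exit
        }'
}

# Print the unique ports sshd listens on, from "netstat -tlnp" text on stdin.
sshd_ports() {
    awk '$6 == "LISTEN" && $NF ~ /\/sshd$/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1 = jail name, $2 = jail config text, $3 = netstat text.
# Prints each sshd port the jail does not cover; returns 1 if there is any.
uncovered_ports() {
    # Assumption: the service name "ssh" means port 22, as in /etc/services.
    covered=$(printf '%s\n' "$2" | jail_ports "$1" | tr ',' '\n' | sed 's/^ssh$/22/')
    missing=0
    for p in $(printf '%s\n' "$3" | sshd_ports); do
        printf '%s\n' "$covered" | grep -qx "$p" || { echo "$p"; missing=1; }
    done
    return "$missing"
}

# Constructed sample input, modeled on the excerpts in the question.
JAIL_NEW='[ssh]
enabled  = true
port     = ssh,22000
filter   = sshd'
JAIL_OLD='[ssh]
enabled  = true
port     = ssh
filter   = sshd'
NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:25      0.0.0.0:*         LISTEN   1061/master
tcp        0      0 0.0.0.0:22000   0.0.0.0:*         LISTEN   1377/sshd
tcp6       0      0 :::22000        :::*              LISTEN   1377/sshd'

if ! uncovered_ports ssh "$JAIL_OLD" "$NETSTAT" >/dev/null; then
    echo "old config: sshd listens on a port the [ssh] jail does not cover"
fi
```

On a live host, pass the contents of /etc/fail2ban/jail.local and the output of `netstat -tlnp`; after the reload, `fail2ban-client status ssh` reports the state of the running jail.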