>> What's the logic behind this "improvement"?
>A big change in all operating systems in the last decade is improvements to >boot time. Making this kind of thing demand-based moves the time cost out >of the critical path between power up and usable system. Ah, OK. A laudable goal. But the chosen implementation seems like throwing the baby out with the bath water. In other words, the chains get added later anyway if there is an active ban situation. So, perhaps I'm naïve, but it seems like adding the chains to iptables could still be scheduled such that it is non-blocking for bootup, but happens without the need to have an active ban situation for each chain. >IIRC, f2b has a persistent ban system? So you could store a ban there >manually and then start the service. Hmmm. That sounds like a reasonable workaround. <sigh> one more thing to figure out how to do that I didn't have to do before. Thanks again for the explanation. Michael _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
