# On the first login failure, we remember that an IP address is suspect
# and start counting failures. After too much failures, the address is banned.
-MaxFailures 10
+MaxFailures 9
-# When a suspect address generates no more failure for this many seconds,
-# it is forgotten.
-MaxSuspectTime 600
+# When a suspect address produces no further failures within this time [sec],
+# it is acquitted and forgotten.
+SuspectTime 600
# Bans are lifted after this many seconds.
-MaxBannedTime 3600
+BannedTime 3600
-# When a ban is lifted, the address is again considered suspect
-# and its number of failures is set to MaxFailures - Probation (0=disable).
-Probation 2
+# After a ban is lifted, the IP address undergoes further probation. If it
+# produces more failures within the probation period, it is banned again.
+MaxProbation 1
+
+# When an address is banned again during probation, its ban time is multiplied
+# by BannedAgainCoeff, but it cannot exceed MaxBannedTime [sec].
+BannedAgainCoeff 2
+MaxBannedtime 86400
+
+# Probation expires after [sec]
+ProbationTime 600
# Limit on the number of suspect addresses and bans we keep in memory
-MaxSuspects 1000
-MaxBanned 1000
+MaxCulprits 1000
# We log all messages to the log stream configured below
LogStream syslog
projects / bouncer.git / blobdiff