fail2ban iptable.conf action

I need to contribute this to fail2ban if they’ll take it:

iptables -L takes a very long time to display the rules

Just posted this to the fail2ban wiki community portal:

Fail2ban is one of the best projects I’ve encountered - I love it! One suggestion: in 0.7+, the iptables.conf action runs a pre-ban check command of the form

iptables -L....

Is there a reason for this? Maybe IP spoofing? At any rate, this can cause fail2ban to take forever in implementing its actions if the iptables chains are big, because without -n iptables tries to resolve every address in the listing (a reverse DNS lookup per entry, plus /etc/services lookups for port numbers), and each lookup that does not resolve can wait out a DNS timeout. I suggest adding the “-n” (numeric) flag to the command, to speed things up, like this:

iptables -nL....

See:

FAQ: iptables -L takes a very long time to display the rules
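To make the suggestion concrete, here is an illustrative fail2ban action file in the action.d/iptables.conf style, added as an example (it is not the file shipped with fail2ban, and the ordering of the other commands is an assumption about how such a file is typically laid out). The angle-bracket tags such as <name>, <chain>, <port>, <protocol> and <ip> are fail2ban’s action substitution tags. The slow and fast forms of the pre-ban check sit side by side:

```ini
# Illustrative fail2ban action file (action.d/iptables.conf style), added here
# as an example; it is not the file distributed with fail2ban.
[Definition]
# Create a per-jail chain and hook it into the chosen chain (default INPUT).
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>

# Remove the hook and the chain again when the jail stops.
actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>

# Pre-ban check: is our chain still hooked into <chain>?
# Slow form: every address in the listing is reverse-resolved and every
# port is looked up in /etc/services before grep sees a single line.
#actioncheck = iptables -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Fast form: -n prints addresses and ports numerically, so listing a large
# chain involves no DNS or /etc/services lookups at all.
actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'

# Ban and unban a single source address in the per-jail chain.
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP

[Init]
name = default
port = ssh
protocol = tcp
chain = INPUT
```

The grep pattern ends in a space-or-tab class so that a jail named ssh does not match a chain named fail2ban-ssh-ddos. To see the difference the flag makes on a host with a populated chain, compare `time iptables -L INPUT` against `time iptables -n -L INPUT` as root; the -n run returns immediately regardless of how many distinct addresses the chain holds, while the plain run grows with the number of addresses that need a reverse lookup.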

2 Responses to “fail2ban iptable.conf action”


  1. admin

    I also want to mention that on both gentoo and debian the init scripts don’t seem to work that well. I have much better luck with the commands:

    fail2ban-client stop
    fail2ban-client start

  2. Albert

    As of more recent versions, the init scripts on both debian and gentoo are working much better.
