Lee Clemens

It seems the ultimate intent has been met with the recidive jail? (dshield can still be reported to, as well.) I'd recommend this be closed withing a short time.

I don't like the idea of fail2ban being exposed directly to external users, especially seeing as it runs as root. Having fail2ban manage an iptables rule to REDIRECT makes sense...

> Having fail2ban manage an iptables rule to REDIRECT makes sense though, is that what you're asking about? Having fail2ban act as that webserver in any way would expose it....

Maybe the three of you can help me understand the term "[Friendly WAF](https://www.google.com/search?q=%22Friendly+WAF%22)". I don't think general questions for web server recommendations are directly appropriate as a fail2ban Issue, and...

@buanzo I too agree with fail2ban having the ability to REDIRECT...so I think we're all on the same page.

ok, I stand by my initial response that fail2ban should not serve a "friendly waf" page, as that would require fail2ban to accept and respond to http requests from external...

I think you could accomplish the same goal using Apache, or whatever http server you use, and that the discussion of a webserver recommendation isn't really relevant to fail2ban's Issue...

@szepeviktor As I mentioned, I don't think this needs a new action, as it should be able to be accomplished using the existing iptables-multiport action with the addition of `-t...

@buanzo thanks...please check the definition of "addition". If you disagree with my statement that it shouldn't be a new action, please respond. If not, I'm not sure what value you...

@buanzo Please elaborate on what you meant by "that" in https://github.com/fail2ban/fail2ban/issues/1113#issuecomment-120751135?