I am running Fail2Ban v1.1.0.1 on Ubuntu 24.04 LTS with UFW. Fail2ban uses systemd as backend.
The configuration works fine but with a large number of banned IPs (e.g. over 1500 in the postfix jail alone), the stop and start process takes a long time, resulting in a timeout.
This is because stopping fail2ban involves unbanning every banned IP address one by one, and then on restart fail2ban re-bans them.
I have seen elsewhere that including the actionflush = true configuration (presumably into the /etc/fail2ban/jail.local file?) prevents the normal behaviour when stopping fail2ban.
However, when configured to work with ufw, actionflush is replaced with actionstop and actionstart in the ufw.conf file in the action.d directory. The relevant section reads:
[Definition]
actionstart =
actionstop =
actioncheck =
How should I set the valus of these parameters (presumably by setting them in the jail.local file?) to give rise to rapid stop and, ideally, rapid start times for fail2ban?
