FEATURE Client Server
Until version 0.6, Fail2ban is a single threaded application. When several sections are defined, each log file is parsed one after the other. This is not a problem when watching a single service. Moreover, when executing a command, Fail2ban waits for the end of it. This do not allow parsing of the log file at the same time.
Version >=0.7 will be multithreaded. Three concepts need to be defined:
A Jail contains a Filter and an Action object. The Filter corresponds to the LogReader class of the previous versions. It take care of watching the log file(s) and notify Jail of any login failure. The Action corresponds to the Firewall class of the previous versions. It take the decision of banning or unbanning a host and execute the corresponding commands.
Filter and Action run in two threads. Thus, when starting a new Jail, two new threads will be created. Filter and Action are independant and communicate with FailTicket through Jail. FailTickets, generated by Filter, are stored into a queue, waiting to be processed by Action.