action.d/*.conf: correct comments for actionstart/actionstop

config/action.d/abuseipdb.conf

@@ -48,13 +48,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/blocklist_de.conf

@@ -31,13 +31,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/bsd-ipfw.conf

@@ -11,14 +11,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =  [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )

config/action.d/cloudflare.conf

@@ -15,13 +15,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/complain.conf

@@ -41,13 +41,13 @@ debug = 0
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/dshield.conf

@@ -32,13 +32,13 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile>.buffer ]; then

config/action.d/dummy.conf

@@ -7,7 +7,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = if [ ! -z '<target>' ]; then touch <target>; fi;
@@ -22,7 +22,7 @@ actionflush = printf %%b "-*\n" <to_target>
               echo "%(debug)s clear all"
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi;

config/action.d/hostsdeny.conf

@@ -8,13 +8,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 

config/action.d/ipfilter.conf

@@ -9,7 +9,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # enable IPF if not already enabled
@@ -17,7 +17,7 @@ actionstart = /sbin/ipf -E
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # don't disable IPF with "/sbin/ipf -D", there may be other filters in use

config/action.d/ipfw.conf

@@ -8,14 +8,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 

config/action.d/iptables-allports.conf

@@ -14,7 +14,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -22,7 +22,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -p <protocol> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>

config/action.d/iptables-ipset-proto4.conf

@@ -24,7 +24,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset --create f2b-<name> iphash
@@ -38,7 +38,7 @@ actionstart = ipset --create f2b-<name> iphash
 actionflush = ipset --flush f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>

config/action.d/iptables-ipset-proto6-allports.conf

@@ -23,7 +23,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
@@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
 actionflush = ipset flush <ipmset>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype>

config/action.d/iptables-ipset-proto6.conf

@@ -23,7 +23,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
@@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
 actionflush = ipset flush <ipmset>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>

config/action.d/iptables-multiport-log.conf

@@ -16,7 +16,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -34,7 +34,7 @@ actionflush = <iptables> -F f2b-<name>
               <iptables> -F f2b-<name>-log
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

config/action.d/iptables-multiport.conf

@@ -11,7 +11,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

config/action.d/iptables-new.conf

@@ -13,7 +13,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -21,7 +21,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>

config/action.d/iptables-xt_recent-echo.conf

@@ -12,7 +12,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # Changing iptables rules requires root privileges. If fail2ban is
@@ -42,7 +42,7 @@ actionstart = if [ `id -u` -eq 0 ];then <iptables> -I <chain> -m recent --update
 actionflush = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = echo / > /proc/net/xt_recent/<iptname>

config/action.d/iptables.conf

@@ -11,7 +11,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>

config/action.d/mail-buffered.conf

@@ -10,7 +10,7 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -20,7 +20,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile> ]; then

config/action.d/mail-whois-lines.conf

@@ -15,7 +15,7 @@ before = mail-whois-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -24,7 +24,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n

config/action.d/mail-whois.conf

@@ -14,7 +14,7 @@ before = mail-whois-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -23,7 +23,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n

config/action.d/mail.conf

@@ -10,7 +10,7 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -19,7 +19,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n

config/action.d/mynetwatchman.conf

@@ -28,13 +28,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/nftables-common.conf

@@ -25,7 +25,7 @@ after = nftables-common.local
 nftables_mode = <protocol> dport \{ <port> \}
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <nftables> add set <nftables_family> <nftables_table> <set_name> \{ type <nftables_type>\; \}
@@ -35,7 +35,7 @@ _nft_list = <nftables> --handle --numeric list chain <nftables_family> <nftables
 _nft_get_handle_id = grep -m1 '<address_family> saddr @<set_name> <blocktype> # handle' | grep -oe ' handle [0-9]*'
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = HANDLE_ID=$(%(_nft_list)s | %(_nft_get_handle_id)s)

config/action.d/npf.conf

@@ -9,7 +9,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # we don't enable NPF automatically, as it will be enabled elsewhere
@@ -17,7 +17,7 @@ actionstart =
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # we don't disable NPF automatically either

config/action.d/nsupdate.conf

@@ -42,14 +42,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =

config/action.d/osx-ipfw.conf

@@ -9,14 +9,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 

config/action.d/pf.conf

@@ -10,7 +10,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # we don't enable PF automatically; to enable run pfctl -e 
@@ -35,7 +35,7 @@ actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
 actionstart_on_demand = false
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # we only disable PF rules we've installed prior

config/action.d/sendmail-buffered.conf

@@ -14,7 +14,7 @@ before = sendmail-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
@@ -27,7 +27,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
               Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile> ]; then

config/action.d/sendmail-common.conf

@@ -11,7 +11,7 @@ after = sendmail-common.local
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
@@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
               Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>

config/action.d/shorewall-ipset-proto6.conf

@@ -47,7 +47,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
@@ -55,7 +55,7 @@ actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
               fi
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = ipset flush f2b-<name>

config/action.d/shorewall.conf

@@ -17,13 +17,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 

config/action.d/symbiosis-blacklist-allports.conf

@@ -10,13 +10,13 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =