From d01fe9d22a717a0122143cde41ce5c18a1790f6e Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Wed, 12 Sep 2018 16:00:40 +0200
Subject: [PATCH] action.d/*.conf: correct comments for actionstart/actionstop

---
 config/action.d/abuseipdb.conf                      | 4 ++--
 config/action.d/blocklist_de.conf                   | 4 ++--
 config/action.d/bsd-ipfw.conf                       | 4 ++--
 config/action.d/cloudflare.conf                     | 4 ++--
 config/action.d/complain.conf                       | 4 ++--
 config/action.d/dshield.conf                        | 4 ++--
 config/action.d/dummy.conf                          | 4 ++--
 config/action.d/hostsdeny.conf                      | 4 ++--
 config/action.d/ipfilter.conf                       | 4 ++--
 config/action.d/ipfw.conf                           | 4 ++--
 config/action.d/iptables-allports.conf              | 4 ++--
 config/action.d/iptables-ipset-proto4.conf          | 4 ++--
 config/action.d/iptables-ipset-proto6-allports.conf | 4 ++--
 config/action.d/iptables-ipset-proto6.conf          | 4 ++--
 config/action.d/iptables-multiport-log.conf         | 4 ++--
 config/action.d/iptables-multiport.conf             | 4 ++--
 config/action.d/iptables-new.conf                   | 4 ++--
 config/action.d/iptables-xt_recent-echo.conf        | 4 ++--
 config/action.d/iptables.conf                       | 4 ++--
 config/action.d/mail-buffered.conf                  | 4 ++--
 config/action.d/mail-whois-lines.conf               | 4 ++--
 config/action.d/mail-whois.conf                     | 4 ++--
 config/action.d/mail.conf                           | 4 ++--
 config/action.d/mynetwatchman.conf                  | 4 ++--
 config/action.d/nftables-common.conf                | 4 ++--
 config/action.d/npf.conf                            | 4 ++--
 config/action.d/nsupdate.conf                       | 4 ++--
 config/action.d/osx-ipfw.conf                       | 4 ++--
 config/action.d/pf.conf                             | 4 ++--
 config/action.d/sendmail-buffered.conf              | 4 ++--
 config/action.d/sendmail-common.conf                | 4 ++--
 config/action.d/shorewall-ipset-proto6.conf         | 4 ++--
 config/action.d/shorewall.conf                      | 4 ++--
 config/action.d/symbiosis-blacklist-allports.conf   | 4 ++--
 34 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/config/action.d/abuseipdb.conf b/config/action.d/abuseipdb.conf
index 279c299e..c53ed489 100644
--- a/config/action.d/abuseipdb.conf
+++ b/config/action.d/abuseipdb.conf
@@ -48,13 +48,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =
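Review bot: The two rewritten notes name different scopes for the same lifecycle: the added actionstart note falls back to "the start of Fail2Ban", while the added actionstop note says "the stop of jail". That leaves a reader unsure whether a non-on-demand actionstart runs once per server or once per jail. If it is per jail, as the actionstop wording suggests, I would write `# Notes.:  command executed on demand at the first ban (or at the start of the jail if actionstart_on_demand is set to false).` and `# Notes.:  command executed when the jail stops (or at the end of Fail2Ban).` The same two lines are repeated in every hunk of this patch, so the wording should be settled once and applied to all of them.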
diff --git a/config/action.d/blocklist_de.conf b/config/action.d/blocklist_de.conf
index 3859c637..ba6d427b 100644
--- a/config/action.d/blocklist_de.conf
+++ b/config/action.d/blocklist_de.conf
@@ -31,13 +31,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =
diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf
index 4fbe9195..5116b0d8 100644
--- a/config/action.d/bsd-ipfw.conf
+++ b/config/action.d/bsd-ipfw.conf
@@ -11,14 +11,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =  [ ! -f <startstatefile> ] || ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )
diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index 89df5b9e..1c48a37f 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -15,13 +15,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =
diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
index 1f74d635..3a5f882c 100644
--- a/config/action.d/complain.conf
+++ b/config/action.d/complain.conf
@@ -41,13 +41,13 @@ debug = 0
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index 4f2e09ca..c128bef3 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -32,13 +32,13 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile>.buffer ]; then
diff --git a/config/action.d/dummy.conf b/config/action.d/dummy.conf
index 41250c27..eb07e320 100644
--- a/config/action.d/dummy.conf
+++ b/config/action.d/dummy.conf
@@ -7,7 +7,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = if [ ! -z '<target>' ]; then touch <target>; fi;
@@ -22,7 +22,7 @@ actionflush = printf %%b "-*\n" <to_target>
               echo "%(debug)s clear all"
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ ! -z '<target>' ]; then rm -f <target>; fi;
diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf
index 2a93c82b..8eebbaff 100644
--- a/config/action.d/hostsdeny.conf
+++ b/config/action.d/hostsdeny.conf
@@ -8,13 +8,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 
diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf
index 61420e38..02091d60 100644
--- a/config/action.d/ipfilter.conf
+++ b/config/action.d/ipfilter.conf
@@ -9,7 +9,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # enable IPF if not already enabled
@@ -17,7 +17,7 @@ actionstart = /sbin/ipf -E
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # don't disable IPF with "/sbin/ipf -D", there may be other filters in use
diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf
index 37625209..956b154b 100644
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@@ -8,14 +8,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 
diff --git a/config/action.d/iptables-allports.conf b/config/action.d/iptables-allports.conf
index dbea5984..caf9ab81 100644
--- a/config/action.d/iptables-allports.conf
+++ b/config/action.d/iptables-allports.conf
@@ -14,7 +14,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -22,7 +22,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -p <protocol> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
diff --git a/config/action.d/iptables-ipset-proto4.conf b/config/action.d/iptables-ipset-proto4.conf
index 30353f36..99ebbf8c 100644
--- a/config/action.d/iptables-ipset-proto4.conf
+++ b/config/action.d/iptables-ipset-proto4.conf
@@ -24,7 +24,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset --create f2b-<name> iphash
@@ -38,7 +38,7 @@ actionstart = ipset --create f2b-<name> iphash
 actionflush = ipset --flush f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
diff --git a/config/action.d/iptables-ipset-proto6-allports.conf b/config/action.d/iptables-ipset-proto6-allports.conf
index b761ad8c..dc7d63a7 100644
--- a/config/action.d/iptables-ipset-proto6-allports.conf
+++ b/config/action.d/iptables-ipset-proto6-allports.conf
@@ -23,7 +23,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
@@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
 actionflush = ipset flush <ipmset>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype>
diff --git a/config/action.d/iptables-ipset-proto6.conf b/config/action.d/iptables-ipset-proto6.conf
index e337eedf..f88777b8 100644
--- a/config/action.d/iptables-ipset-proto6.conf
+++ b/config/action.d/iptables-ipset-proto6.conf
@@ -23,7 +23,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
@@ -36,7 +36,7 @@ actionstart = ipset create <ipmset> hash:ip timeout <bantime><familyopt>
 actionflush = ipset flush <ipmset>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf
index 62c2b4b1..df126dbf 100644
--- a/config/action.d/iptables-multiport-log.conf
+++ b/config/action.d/iptables-multiport-log.conf
@@ -16,7 +16,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -34,7 +34,7 @@ actionflush = <iptables> -F f2b-<name>
               <iptables> -F f2b-<name>-log
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
diff --git a/config/action.d/iptables-multiport.conf b/config/action.d/iptables-multiport.conf
index c05f6ffc..41b00c54 100644
--- a/config/action.d/iptables-multiport.conf
+++ b/config/action.d/iptables-multiport.conf
@@ -11,7 +11,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
diff --git a/config/action.d/iptables-new.conf b/config/action.d/iptables-new.conf
index 5b316807..39a17099 100644
--- a/config/action.d/iptables-new.conf
+++ b/config/action.d/iptables-new.conf
@@ -13,7 +13,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -21,7 +21,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
diff --git a/config/action.d/iptables-xt_recent-echo.conf b/config/action.d/iptables-xt_recent-echo.conf
index 1970de14..97449222 100644
--- a/config/action.d/iptables-xt_recent-echo.conf
+++ b/config/action.d/iptables-xt_recent-echo.conf
@@ -12,7 +12,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # Changing iptables rules requires root privileges. If fail2ban is
@@ -42,7 +42,7 @@ actionstart = if [ `id -u` -eq 0 ];then <iptables> -I <chain> -m recent --update
 actionflush = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = echo / > /proc/net/xt_recent/<iptname>
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index bf83e24a..8ed5fdad 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -11,7 +11,7 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <iptables> -N f2b-<name>
@@ -19,7 +19,7 @@ actionstart = <iptables> -N f2b-<name>
               <iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>
diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
index 88cd623f..325f185b 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -10,7 +10,7 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
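Review bot: The added actionstart note does not say what on-demand start means for the notification this command sends. Going by the note, the `[Fail2Ban] <name>: started on <fq-hostname>` mail (subject visible in the next hunk's context) would go out at the first ban rather than when the service comes up. Anyone who treats that mail as a start-up or liveness signal needs this spelled out, for example with an extra comment line `#          with on-demand start the "started" mail is sent at the first ban, not at service start.` The same applies to the actionstart hunks of mail-whois-lines.conf, mail-whois.conf, mail.conf, sendmail-buffered.conf and sendmail-common.conf. The actionstart value itself continues outside this hunk.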
@@ -20,7 +20,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile> ]; then
diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
index 37e2d9b0..3a3e56b2 100644
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@@ -15,7 +15,7 @@ before = mail-whois-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -24,7 +24,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban" | <mailcmd> "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n
diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
index 1f69f4c6..7fea34c4 100644
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@@ -14,7 +14,7 @@ before = mail-whois-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -23,7 +23,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n
diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
index cfc1cf65..5d8c0e15 100644
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@@ -10,7 +10,7 @@
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Hi,\n
@@ -19,7 +19,7 @@ actionstart = printf %%b "Hi,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Hi,\n
diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf
index 8f3edf9e..b0ab2cc3 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -28,13 +28,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =
diff --git a/config/action.d/nftables-common.conf b/config/action.d/nftables-common.conf
index 83311087..37045712 100644
--- a/config/action.d/nftables-common.conf
+++ b/config/action.d/nftables-common.conf
@@ -25,7 +25,7 @@ after = nftables-common.local
 nftables_mode = <protocol> dport \{ <port> \}
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = <nftables> add set <nftables_family> <nftables_table> <set_name> \{ type <nftables_type>\; \}
@@ -35,7 +35,7 @@ _nft_list = <nftables> --handle --numeric list chain <nftables_family> <nftables
 _nft_get_handle_id = grep -m1 '<address_family> saddr @<set_name> <blocktype> # handle' | grep -oe ' handle [0-9]*'
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = HANDLE_ID=$(%(_nft_list)s | %(_nft_get_handle_id)s)
diff --git a/config/action.d/npf.conf b/config/action.d/npf.conf
index 8b00d177..3bbb2f51 100644
--- a/config/action.d/npf.conf
+++ b/config/action.d/npf.conf
@@ -9,7 +9,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # we don't enable NPF automatically, as it will be enabled elsewhere
@@ -17,7 +17,7 @@ actionstart =
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # we don't disable NPF automatically either
diff --git a/config/action.d/nsupdate.conf b/config/action.d/nsupdate.conf
index 7886825c..ef56c6bd 100644
--- a/config/action.d/nsupdate.conf
+++ b/config/action.d/nsupdate.conf
@@ -42,14 +42,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =
diff --git a/config/action.d/osx-ipfw.conf b/config/action.d/osx-ipfw.conf
index abe4009c..6ff6afdf 100644
--- a/config/action.d/osx-ipfw.conf
+++ b/config/action.d/osx-ipfw.conf
@@ -9,14 +9,14 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 
diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf
index 905312c3..933b4de0 100644
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@@ -10,7 +10,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 # we don't enable PF automatically; to enable run pfctl -e 
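Review bot: In pf.conf the added actionstart note presents on-demand start as the normal case, but this file sets `actionstart_on_demand = false` (visible as context in the next hunk), so only the parenthetical applies here. A reader skimming the comment could wrongly conclude that the pf table is created only at the first ban. For this file I would write `# Notes.:  command executed at the start of Fail2Ban (actionstart_on_demand is set to false below).` The actionstart definition lies outside this hunk.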
@@ -35,7 +35,7 @@ actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
 actionstart_on_demand = false
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 # we only disable PF rules we've installed prior
diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf
index 37bc642d..199c6ce5 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -14,7 +14,7 @@ before = sendmail-common.conf
 norestored = 1
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
@@ -27,7 +27,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
               Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile> ]; then
diff --git a/config/action.d/sendmail-common.conf b/config/action.d/sendmail-common.conf
index 46eca9ca..9bf15054 100644
--- a/config/action.d/sendmail-common.conf
+++ b/config/action.d/sendmail-common.conf
@@ -11,7 +11,7 @@ after = sendmail-common.local
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
@@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on <fq-hostname>
               Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on <fq-hostname>
diff --git a/config/action.d/shorewall-ipset-proto6.conf b/config/action.d/shorewall-ipset-proto6.conf
index 1ebcfb01..fc7dd24e 100644
--- a/config/action.d/shorewall-ipset-proto6.conf
+++ b/config/action.d/shorewall-ipset-proto6.conf
@@ -47,7 +47,7 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
@@ -55,7 +55,7 @@ actionstart = if ! ipset -quiet -name list f2b-<name> >/dev/null;
               fi
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = ipset flush f2b-<name>
diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf
index 282b95af..dcef8829 100644
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@@ -17,13 +17,13 @@
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart = 
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop = 
diff --git a/config/action.d/symbiosis-blacklist-allports.conf b/config/action.d/symbiosis-blacklist-allports.conf
index c24a8e0a..6fb7d0af 100644
--- a/config/action.d/symbiosis-blacklist-allports.conf
+++ b/config/action.d/symbiosis-blacklist-allports.conf
@@ -10,13 +10,13 @@ before = iptables-common.conf
 [Definition]
 
 # Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values:  CMD
 #
 actionstart =
 
 # Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
 # Values:  CMD
 #
 actionstop =