From de9837555311b5e066583b03e9447ac101307216 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 18 Jan 2009 11:56:20 -0500
Subject: [PATCH] adjusted description of bantime/findtime in README.Debian
 (closes: #507771)

---
 debian/README.Debian | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/debian/README.Debian b/debian/README.Debian
index faf52b10..ac43a862 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -190,10 +190,21 @@ by fail2ban.
 An IP is banned for "bantime" not since the last failed login attempt
 from the IP, but rather since the moment when failed login was
 detected by fail2ban. Thus, if fail2ban gets [re]started, any IP which
-had enough of failed logins within "findtime" will be banned for
+had enough of failed logins with durations less than "findtime" between
+them prior to the [re]start moment, will be banned for
 "bantime" since [re]start moment, not since the last failed login
 time.
 
+* Findtime:
+
+"Findtime" option of a jail actually defines a duration to reset the
+counter of failed login attempts, if no new attempt was detected within
+that time frame (i.e.  within "findtime").
+
+See
+http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options
+for more information on jail options.
+
 
 * Syslog entries can be 'forged' by a regular user