I am new to CrowSec and struggle to see the relation between the ban time defined in the profiles.yaml file (4 hours by default) and the timeout value used for IP’s in the ipset list.
The timeout value on IP’s in the ipset list is always larger then the ban time defined the profiles.yaml file. Why is that?
My mistake. After reading up on the Crowdsec documentation I realized that ban time for bans from the Central Database (CAPI) are substantially longer. 167 hours if I am not mistaken, against 4 hours for local bans. This explains the much longer ban time I was seeing.
Is there a way adjust the default ban time for bans from the Central Database (CAPI)?