
#1 2017-09-05 17:42:34

ua4000
Member
Registered: 2015-10-14
Posts: 402

[SOLVED] fail2ban 0.10.0 omit iptable

fail2ban 0.10.0 installed, iptables and ip6tables units started.
Minimal changes to jail.conf for testing:

[INCLUDES]
before = paths-arch.conf
...
[nginx-http-auth]
enabled = true

fail2ban unit started, but no entries are created in iptables:

# /var/log/fail2ban.log
2017-09-05 19:25:11,595 fail2ban.server         [1349]: INFO    Starting Fail2ban v0.10.0
2017-09-05 19:25:11,603 fail2ban.database       [1349]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2017-09-05 19:25:11,605 fail2ban.jail           [1349]: INFO    Creating new jail 'nginx-http-auth'
2017-09-05 19:25:11,622 fail2ban.jail           [1349]: INFO    Jail 'nginx-http-auth' uses pyinotify {}
2017-09-05 19:25:11,625 fail2ban.jail           [1349]: INFO    Initiated 'pyinotify' backend
2017-09-05 19:25:11,635 fail2ban.filter         [1349]: INFO    Added logfile: '/var/log/nginx/error.log' (pos = 58683, hash = 0af29e073e2b79d6ea5811f04dda4c97cf570645)
2017-09-05 19:25:11,638 fail2ban.filter         [1349]: INFO      encoding: UTF-8
2017-09-05 19:25:11,638 fail2ban.filter         [1349]: INFO      maxRetry: 5
2017-09-05 19:25:11,639 fail2ban.filter         [1349]: INFO      findtime: 600
2017-09-05 19:25:11,640 fail2ban.actions        [1349]: INFO      banTime: 600
2017-09-05 19:25:11,643 fail2ban.jail           [1349]: INFO    Jail 'nginx-http-auth' started

$ sudo iptables -S --wait
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

I was already using fail2ban before, in a more complex setup with ipset, which recently started failing.
For testing I fell back to this simple test setup.

Thanks for any hints.

Last edited by ua4000 (2017-09-18 17:56:01)


#2 2017-09-06 17:03:52

ua4000
Member
Registered: 2015-10-14
Posts: 402

Re: [SOLVED] fail2ban 0.10.0 omit iptable

Raised loglevel to DEBUG in fail2ban.conf:

2017-09-06 18:39:13,317 fail2ban.CommandAction  [1577]: DEBUG     Set actionstart = '<iptables> -N f2b-nginx-http-auth\n<iptables> -A f2b-nginx-http-auth -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth'

But these iptables commands are not executed.

I also added a simple date>txt shell script to the actionstart section in iptables-multiport.conf; it is not executed either:

2017-09-06 18:49:50,107 fail2ban.CommandAction  [1738]: DEBUG     Set actionstart = '/home/me/bin/d\n<iptables> -N f2b-nginx-http-auth\n<iptables> -A f2b-nginx-http-auth -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth'

Did I miss something important in 0.10.0, or is this a bug? How can I catch it?

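A check for the situation in posts #1 and #2 (fail2ban logs the jail as started, yet iptables -S shows no per-jail chain), added here as an example; it is not code from the thread or from the fail2ban project. It assumes the f2b-<jail> chain naming visible in the DEBUG actionstart line above, parses the "Jail '...' started" lines of fail2ban.log, and runs offline on constructed sample input; the --live switch and the file name check_f2b_chains.sh are my own choices.

```shell
#!/bin/sh
# Added example, not code from the thread or from the fail2ban project.
# Cross-checks the jails that fail2ban.log reports as started against the
# per-jail chains the iptables-multiport action creates (f2b-<jail>, as seen
# in the actionstart line), so a silently missing chain shows up immediately.

# Print the names of jails that fail2ban.log reports as started (log text on stdin).
started_jails() {
    sed -n "s/.*fail2ban\.jail .*INFO *Jail '\([^']*\)' started.*/\1/p" | sort -u
}

# Print the f2b-* chains present in "iptables -S" output (read from stdin).
f2b_chains() {
    sed -n 's/^-N \(f2b-[^ ]*\).*/\1/p' | sort -u
}

# $1 = file holding fail2ban.log text, $2 = file holding "iptables -S" output.
# Prints "OK <jail>" or "MISSING <jail>" per started jail; returns 1 if any is missing.
check_jail_chains() {
    rc=0
    for jail in $(started_jails < "$1"); do
        if f2b_chains < "$2" | grep -qx "f2b-$jail"; then
            echo "OK $jail"
        else
            echo "MISSING $jail"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not captured from a real host): a log in which two
# jails start, and iptables output where only the sshd chain was created.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_LOG="$SAMPLE_DIR/fail2ban.log"
SAMPLE_IPT="$SAMPLE_DIR/iptables.txt"
cat > "$SAMPLE_LOG" <<'EOF'
2017-09-05 19:25:11,605 fail2ban.jail           [1349]: INFO    Creating new jail 'nginx-http-auth'
2017-09-05 19:25:11,643 fail2ban.jail           [1349]: INFO    Jail 'nginx-http-auth' started
2017-09-05 19:25:11,700 fail2ban.jail           [1349]: INFO    Jail 'sshd' started
EOF
cat > "$SAMPLE_IPT" <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
-A f2b-sshd -j RETURN
EOF

# Run against the live host instead (needs root for iptables):
#   sudo sh check_f2b_chains.sh --live
if [ "${1:-}" = "--live" ]; then
    iptables -S --wait > "$SAMPLE_IPT"
    check_jail_chains /var/log/fail2ban.log "$SAMPLE_IPT" || echo "at least one started jail has no f2b- chain"
else
    check_jail_chains "$SAMPLE_LOG" "$SAMPLE_IPT" || echo "at least one started jail has no f2b- chain"
fi
```

On the sample input this prints "MISSING nginx-http-auth" and "OK sshd"; on the empty ruleset from post #1 (only the three -P policy lines) every started jail is reported missing, which is exactly the symptom the thread describes and is easier to alert on than eyeballing iptables -S.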

#3 2017-09-18 17:55:33

ua4000
Member
Registered: 2015-10-14
Posts: 402

Re: [SOLVED] fail2ban 0.10.0 omit iptable

Some kernel updates and reboots later: now it works. I don't know what caused the problems.
I have also cleared my old fail2ban settings in /etc/fail2ban completely.
fail2ban 0.10 was a major release with IPv6 support and other changes...
...I rewrote my entire config :-)
