From: Constantin B. <con...@fr...> - 2005-10-11 13:48:21
Hi,

fail2ban in version 0.5.4 sometimes gives me an iptables error message when trying to ban a host. After that, fail2ban doesn't catch the error and assumes the IP is already blocked.

<snip>
2005-10-10 14:32:07,352 INFO: Fail2Ban v0.5.4 is running
2005-10-10 14:32:07,353 INFO: Enabled sections: ['SSH']
2005-10-10 14:32:37,553 INFO: SSH: 195.4.xx.xxx has 3 login failure(s). Banned.
2005-10-10 14:32:37,553 WARNING: Ban 195.4.xx.xxx
2005-10-10 14:57:38,449 WARNING: Unban 195.4.xx.xxx
2005-10-11 15:29:56,043 INFO: SSH: 62.104.xxx.xx has 3 login failure(s). Banned.
2005-10-11 15:29:56,043 WARNING: Ban 62.104.xxx.xx
2005-10-11 15:29:56,052 ERROR: 'iptables -I fail2ban-ssh 1 -s '62.104.xxx.xx' -j DROP' returned 256
2005-10-11 15:29:58,054 INFO: SSH: 62.104.xxx.xx has 3 login failure(s). Banned.
2005-10-11 15:29:58,054 ERROR: 62.104.xxx.xx already in ban list
</snip>

I've seen this error on two different machines. Is it due to my iptables version/config? iptables v1.2.11 is being used. My config file can be seen here: http://pastebin.com/390069

Any help is very much appreciated :)

Thanks in advance,
Constantin
From: Yaroslav H. <li...@on...> - 2005-10-11 15:47:56
Check if your chain fail2ban-ssh exists whenever this error occurs (iptables -L). Maybe you've restarted the firewall or just cleared out iptables; then the chain will not exist, thus commands will fail.

--
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]
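
The failure discussed in this thread, as an added example that is not fail2ban's own code: a ban routine that records an IP only after iptables accepted the rule, and that recreates a missing chain before retrying once. The names `run`, `Banner` and `FakeIptables` are hypothetical, and the INPUT jump rule is an assumed setup, since the poster's configuration is not shown here.

```python
import subprocess

CHAIN = "fail2ban-ssh"  # chain name from the log in this thread

def run(argv):
    """Run a command; return its exit code (0 = success)."""
    return subprocess.run(argv, capture_output=True).returncode

class Banner:
    """Record an IP as banned only after iptables accepted the DROP rule."""
    def __init__(self, runner=run, chain=CHAIN):
        self.runner, self.chain, self.banned = runner, chain, set()

    def ensure_chain(self):
        """Recreate the chain if a firewall restart or flush removed it."""
        if self.runner(["iptables", "-n", "-L", self.chain]) == 0:
            return True
        # Assumption: a tcp/22 jump from INPUT stands in for the real
        # start rule, which lives in the poster's config (not shown).
        jump = ["iptables", "-I", "INPUT", "-p", "tcp", "--dport", "22", "-j", self.chain]
        return all(self.runner(c) == 0 for c in (["iptables", "-N", self.chain], jump))

    def ban(self, ip):
        if ip in self.banned:
            return "already-banned"
        rule = ["iptables", "-I", self.chain, "1", "-s", ip, "-j", "DROP"]
        if self.runner(rule) != 0:
            # Insert failed: repair the chain and retry once.
            if not (self.ensure_chain() and self.runner(rule) == 0):
                return "failed"  # not recorded, so the next match retries
        self.banned.add(ip)
        return "banned"

class FakeIptables:
    """Constructed in-memory stand-in for iptables, for offline runs."""
    def __init__(self):
        self.chains = {}  # chain name -> list of dropped source IPs

    def __call__(self, argv):
        op, args = argv[1], argv[2:]
        if op == "-n":                  # iptables -n -L <chain>
            return 0 if args[1] in self.chains else 1
        if op == "-N":                  # create chain
            self.chains[args[0]] = []
            return 0
        if args[0] == "INPUT":          # jump rule: always accepted
            return 0
        if args[0] not in self.chains:  # -I into a missing chain fails
            return 1
        self.chains[args[0]].insert(0, args[3])
        return 0
```

Passing `FakeIptables()` as `runner` exercises the logic without touching the real firewall; with the default runner the commands need root.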