From: Lasse B. <ze...@ze...> - 2008-05-30 10:05:50
On 00:25, Fri 30 May, Yaroslav Halchenko wrote:
> and what was output for iptables -L -n after that 'clean failure'?

meridian ~ # /etc/init.d/fail2ban stop
 * Stopping fail2ban ... [ ok ]
meridian ~ # iptables -D INPUT 1
iptables: Index of deletion too big
meridian ~ # iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

> what version of iptables are you running? anything too new or too old
> may be?

meridian ~ # iptables
iptables v1.3.8: no command specified
Try `iptables -h' or 'iptables --help' for more information.

Is the version alright or should I up-/downgrade?

Thanks for your help,
Lasse

> On Thu, 29 May 2008, Lasse Bigum wrote:
>
> > On 10:49, Thu 29 May, Yaroslav Halchenko wrote:
> > > may be iptables gets confused a bit while having two chains with the
> > > same name if taken in the same case...
> > >
> > > stop fail2ban
> > > remove any traces of it in iptables:
> > > for chain in fail2ban-SSH fail2ban-ssh; do
> > >   iptables -D INPUT -p tcp -m multiport --dports 22 -j $chain
> > >   iptables -F $chain
> > >   iptables -X $chain
> > > done
> > >
> > > ah -- probably wouldn't work fine since you have two jumps from INPUT
> > > over to fail2ban-ssh but none to fail2ban-SSH
> > >
> > > so just remove them manually by line number
> > > iptables -D INPUT 1
> > > iptables -D INPUT 1
> > > if there is nothing else there
> > >
> > > after you made sure that no traces of fail2ban is there (iptables -L -n)
> > > -- try starting it again
> >
> > meridian ~ # /etc/init.d/fail2ban stop
> >  * Stopping fail2ban ... [ ok ]
> > meridian ~ # iptables -L -n
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> > meridian ~ # /etc/init.d/fail2ban start
> >  * Starting fail2ban ...
> >  * [ ok ]
> > meridian ~ # tail -10 /var/log/fail2ban.log
> > Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
> > 2008-05-29 16:58:25,945 fail2ban.actions.action: INFO Set actionStart = echo -en "Hi,\n
> > The jail <name> has been started successfuly.\n
> > Regards,\n
> > Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
> > 2008-05-29 16:58:25,948 fail2ban.actions.action: INFO Set actionUnban =
> > 2008-05-29 16:58:25,951 fail2ban.actions.action: INFO Set actionCheck =
> > 2008-05-29 16:58:26,042 fail2ban.actions.action: ERROR iptables -N fail2ban-SSH
> > iptables -A fail2ban-SSH -j RETURN
> > iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 100
> >
> > Did not seem to help unfortunately.
> >
> > /Lasse
> >
> > _______________________________________________
> > Fail2ban-users mailing list
> > Fai...@li...
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> --
> Yaroslav Halchenko
> Research Assistant, Psychology Department, Rutgers-Newark
> Student Ph.D. @ CS Dept. NJIT
> Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
> 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
> WWW: http://www.linkedin.com/in/yarik
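
A read-only way to check for the "traces of fail2ban" that the quoted advice says to clear before restarting, added here as an example and not part of the original thread: it reads iptables-save text and reports leftover fail2ban-* chains, duplicate jumps, chains nothing jumps to, and names that differ only by case. The helper name audit_fail2ban and the sample ruleset are constructed for illustration, modelled on the state described in the quoted reply.

```shell
#!/bin/sh
# Constructed sample in iptables-save format, modelled on the state described
# in the thread; it is not output captured from the poster's machine.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-SSH -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}

# audit_fail2ban (hypothetical helper): reads iptables-save text on stdin and
# prints one finding per line; prints nothing when no fail2ban chain is left.
audit_fail2ban() {
  awk '
    # Chain declarations look like ":name policy [packets:bytes]".
    /^:fail2ban-/ { chains[substr($1, 2)] = 1; next }
    # Rule lines look like "-A <chain> ... -j <target>".
    $1 == "-A" {
      for (i = 3; i < NF; i++)
        if ($i == "-j" && $(i + 1) ~ /^fail2ban-/) {
          jumps[$2 " " $(i + 1)]++
          targeted[$(i + 1)] = 1
        }
    }
    END {
      for (c in chains) {
        print "CHAIN " c
        # Names that differ only by case are distinct chains to iptables.
        if (++folded[tolower(c)] == 2) print "CASE-COLLISION " tolower(c)
        if (!(c in targeted)) print "NO-JUMP " c
      }
      for (j in jumps)
        if (jumps[j] > 1) print "DUPLICATE-JUMP " j " x" jumps[j]
    }' | LC_ALL=C sort
}

# On a live host (as root): iptables-save -t filter | audit_fail2ban
sample_ruleset | audit_fail2ban
```

An empty result corresponds to the clean `iptables -L -n` listing shown in the message above.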