From: Yaroslav H. <li...@on...> - 2008-05-30 16:04:12
|
> meridian ~ # iptables > iptables v1.3.8: no command specified > Try `iptables -h' or 'iptables --help' for more information. > Is the version alright or should I up-/downgrade? heh heh -- not sure... also it is not only iptables but kernel version... just FYI 1.3.7 and 1.3.8 releases combined fix 35 bugs, but I didn't spot any possible relevant one. and 1.3.6 from etch Debian seems to work fine... but also I neither had problem with 1.3.[78] whenever they were in Debian unstable... so it must be something more peculiar. 1 question though: did you modify fail2ban configs in any ways which could be relevant? (althouth that is probably irrelevant since it fails on those commands from cmdline too) looking through the thread I got a feeling that you have two chains for ssh: 1 using regular iptables, another one uses iptables-multiport? or am I wrong? in any case -- it might help if you provide complete configuration you are using (as an attachement) so it is up to you to upgrade iptables/kernel and see if problem persists. btw - may be I missed -- what distribution/release are you running? > Thanks for your help, > Lasse > > On Thu, 29 May 2008, Lasse Bigum wrote: > > > On 10:49, Thu 29 May, Yaroslav Halchenko wrote: > > > > may be iptables gets confused a bit while having two chains with the > > > > same name if taken in the same case... > > > > stop fail2ban > > > > remove any traces of it in iptables: > > > > for chain in fail2ban-SSH fail2ban-ssh; do > > > > iptables -D INPUT -p tcp -m multiport --dports 22 -j $chain > > > > iptables -F $chain > > > > iptables -X $chain > > > > done > > > > ah -- probably wouldn't work fine since you have two jumps from INPUT > > > > over to fail2ban-ssh but none to fail2ban-SSH > > > > so just remove them manually by line number > > > > iptables -D INPUT 1 > > > > iptables -D INPUT 1 > > > > if there is nothing else there > > > > after you made sure that no traces of fail2ban is there (iptables -L -n) > > > > -- try starting it again > > > meridian ~ # /etc/init.d/fail2ban stop * Stopping fail2ban ... > > > [ ok ] > > > meridian ~ # iptables -L -n > > > Chain INPUT (policy ACCEPT) > > > target prot opt source destination > > > Chain FORWARD (policy ACCEPT) > > > target prot opt source destination > > > Chain OUTPUT (policy ACCEPT) > > > target prot opt source destination > > > meridian ~ # /etc/init.d/fail2ban start > > > * Starting fail2ban ... > > > * [ ok ] > > > meridian ~ # tail -10 /var/log/fail2ban.log > > > Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest> > > > 2008-05-29 16:58:25,945 fail2ban.actions.action: INFO Set actionStart > > > = echo -en "Hi,\n > > > The jail <name> has been started successfuly.\n > > > Regards,\n > > > Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest> > > > 2008-05-29 16:58:25,948 fail2ban.actions.action: INFO Set actionUnban > > > = > > > 2008-05-29 16:58:25,951 fail2ban.actions.action: INFO Set actionCheck > > > = > > > 2008-05-29 16:58:26,042 fail2ban.actions.action: ERROR iptables -N > > > fail2ban-SSH > > > iptables -A fail2ban-SSH -j RETURN > > > iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 100 > > > Did not seem to help unfortunately. > > > /Lasse > > > TDC1 > > > TDC OCES CA0 > > > 060328205500Z > > > 080328212500Z0s1 > > > DK1)0' > > > Ingen organisatorisk tilknytning190 > > > Lasse Bigum0# > > > PID:9208-2002-2-0652938794930 > > > 9/NR/pv > > > In!6 > > > f:[; > > > 20060328205500Z > > > 20080328212500Z0 > > > #http://www.certifikat.dk/repository0 > > > TDC0 > > > For anvendelse af certifikatet g > > > lder OCES vilk > > > r, CPS og OCES CP, der kan hentes fra www.certifikat.dk/repository. Bem > > > rk, at TDC efter vilk > > > rene har et begr > > > nset ansvar ift. professionelle parter.0A > > > 50301 > > > %http://ocsp.certifikat.dk/ocsp/status0" > > > La...@ha...0 > > > }0{0K > > > E0C1 > > > TDC1 > > > TDC OCES CA1 > > > CRL12260, > > > &http://crl.oces.certifikat.dk/oces.crl0 > > > V7.1 > > > :C0_ > > > m_]Z > > > 1/CA > > > TDC1 > > > TDC OCES CA0 > > > 030211083930Z > > > 370211090930Z011 > > > TDC1 > > > TDC OCES CA0 > > > &NJL > > > b)q1 > > > #http://www.certifikat.dk/repository0 > > > TDC0 > > > Certifikater fra denne CA udstedes under OID 1.2.208.169.1.1.1. Certificates from this CA are issued under OID 1.2.208.169.1.1.1.0 > > > z0x0H > > > B0@1 > > > TDC1 > > > TDC OCES CA1 > > > CRL10, > > > &http://crl.oces.certifikat.dk/oces.crl0+ > > > 20030211083930Z > > > 20370211090930Z0 > > > V6.0:4.0 > > > CA)b > > > 1p'T > > > >t]t > > > h}Hbr > > > /_bS1 > > > 09011 > > > TDC1 > > > TDC OCES CA > > > 080529150001Z0# > > > 1E0C0 > > > Q\~, > > > 8LBB > > > ------------------------------------------------------------------------- > > > This SF.net email is sponsored by: Microsoft > > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > _______________________________________________ > > > Fail2ban-users mailing list > > > Fai...@li... > > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > -- > > Yaroslav Halchenko > > Research Assistant, Psychology Department, Rutgers-Newark > > Student Ph.D. @ CS Dept. NJIT > > Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171 > > 101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102 > > WWW: http://www.linkedin.com/in/yarik -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |