From: Tom H. <to...@wh...> - 2011-05-27 17:19:30
On 27/05/11 17:05, J4K wrote:
> On 05/27/2011 04:44 PM, Tom Hendrikx wrote:
>> On 27/05/11 15:52, J4K wrote:
>> In the action.d/iptables*.conf, you'll find some iptables command line.
>>
>> Some of these contain the uppercase word DROP. Replace this with
>> REJECT, and restart fail2ban. It depends on which action(s) you
>> have defined in jail.conf, which action file you need to edit.
>>
>> The blacklist policy of shorewall is defined within shorewall's
>> config file, look for BLACKLIST_DISPOSITION in shorewall.conf
>
> I did a simple replace DROP/REJECT/ on those files. Restarting
> fail2ban gave a few errors on these:
> 2011-05-27 17:01:39,132 fail2ban.actions.action: ERROR iptables -N fail2ban-apache-overflows iptables -A fail2ban-apache-overflows -j RETURN iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows returned 400
> 2011-05-27 17:01:39,135 fail2ban.jail : INFO Jail 'sasl' started
> 2011-05-27 17:01:39,137 fail2ban.actions.action: ERROR iptables -N fail2ban-apache-noscript iptables -A fail2ban-apache-noscript -j RETURN iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript returned 200

I've seen these too when using the (default) iptables actions, and they seem to be related to failing commands in the 'actionstart' config item. They seem to fail randomly (the commands are OK), and I never got around to debugging them. Maybe it's a race condition? Laziness told me to try the shorewall stuff, and that has worked great ever since.

> Although I don't know whether this is related to the change. Do you
> know what these messages mean?

As the DROP/REJECT stuff is not in 'actionstart' but in 'actionban', it has nothing to do with your changes.

--
Regards,
Tom
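Added example, not part of the thread or of fail2ban itself: a small Python parser for the fail2ban ERROR lines quoted above that splits the concatenated iptables invocations back apart, labels each failing batch as actionstart (chain creation with -N) or actionban (per-IP rule with -s), and checks whether a DROP/REJECT target was in the failing commands at all. It assumes the "returned" value is os.system()'s wait status printed in hex, as fail2ban 0.8's action.py did, so 400 decodes to exit status 4; the third log line (192.0.2.10) is constructed for contrast.

```python
import re
import shlex

# Constructed sample log: the two ERROR lines quoted in the mail plus a
# made-up actionban failure (192.0.2.10, exit status 1) for contrast.
SAMPLE_LOG = """\
2011-05-27 17:01:39,132 fail2ban.actions.action: ERROR iptables -N fail2ban-apache-overflows iptables -A fail2ban-apache-overflows -j RETURN iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows returned 400
2011-05-27 17:01:39,135 fail2ban.jail : INFO Jail 'sasl' started
2011-05-27 17:01:39,137 fail2ban.actions.action: ERROR iptables -N fail2ban-apache-noscript iptables -A fail2ban-apache-noscript -j RETURN iptables -I INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript returned 200
2011-05-27 17:02:10,004 fail2ban.actions.action: ERROR iptables -I fail2ban-apache-noscript 1 -s 192.0.2.10 -j REJECT returned 100
"""

ERROR_RE = re.compile(r"fail2ban\.actions\.action: ERROR (.*) returned ([0-9a-fA-F]+)$")

def split_commands(cmdline):
    # fail2ban joins an action's commands into one string; split it back up.
    return [p.strip() for p in re.split(r"(?=\biptables\b)", cmdline) if p.strip()]

def classify(commands):
    # actionstart creates the per-jail chain (-N) and hooks it into INPUT;
    # actionban inserts a per-IP rule (-s <ip>) carrying the DROP/REJECT target.
    tokens = [shlex.split(c) for c in commands]
    if any("-N" in t for t in tokens):
        return "actionstart"
    if any("-s" in t for t in tokens):
        return "actionban"
    return "other"

def decode_status(hexcode):
    # Assumption: the logged value is os.system()'s wait status printed in hex,
    # so the high byte is the exit status and the low 7 bits the signal.
    status = int(hexcode, 16)
    return status >> 8, status & 0x7F

def parse_errors(log_text):
    """One record per ERROR line: failing step, decoded exit status, and
    whether a DROP/REJECT target was part of the failing batch at all."""
    records = []
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if not m:
            continue
        cmds = split_commands(m.group(1))
        exit_status, signal = decode_status(m.group(2))
        targets = [t for c in cmds for t in re.findall(r"-j\s+(\S+)", c)]
        records.append({"step": classify(cmds), "exit_status": exit_status,
                        "signal": signal,
                        "touches_disposition": any(t in ("DROP", "REJECT") for t in targets)})
    return records
```

For the two lines from the mail the parser reports actionstart failures with exit statuses 4 and 2 and no DROP/REJECT target involved, which is the point made in the reply: the edited disposition lives in actionban, not in the commands that failed.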