From: Darac M. <mai...@da...> - 2012-10-22 14:44:37
|
On Mon, Oct 22, 2012 at 04:34:49PM +0200, Leutnant Steiner wrote: > changed the actions line to: > > action = iptables > > instad of: > action�� = iptables[name=dovecot, port="pop3,pop3s,imap,imaps" > protocol=tcp] > > the jail starts - but will it work as expected ? If you'd run the iptables command directly, you've have noticed that you have a syntax error. "--dport" takes either a single port or a (colon-separated) range of ports. As far as iptables is concerned, there is no port called "pop3,pop3d,imap,imaps". Look, instead, at the iptables-multiport action. > > 2012/10/22 Leutnant Steiner <[1]chk...@gm...> > > hi list ! > > when reloading fail2ban-client with the following jail i get: > > fail2ban.actions.action: ERROR� iptables -N fail2ban-dovecot > iptables -A fail2ban-dovecot -j RETURN > iptables -I INPUT -p tcp --dport pop3,pop3s,imap,imaps protocol -j > fail2ban-dovecot returned 200 > > fail2ban-regex shows some matches when trying this config > > i'm using: Fail2Ban v0.8.7 on Debian 2.6.26-26lenny3 > > here is the jail config: > > jail.conf: > > [dovecot-iptables] > enabled = false > filter = dovecot > action�� = iptables[name=dovecot, port="pop3,pop3s,imap,imaps" > protocol=tcp] > ���������� sendmail-whois[name=dovecot, dest=[2]ed...@me..., > sender=[3]ad...@me...] > logpath� = /var/log/mail.log > maxretry = 2 > findtime = 4000 > bantime = -1 > > other jails with similar config are working. > > i searched the net and tried: > > the "timing-patch": fail2ban-client at line 145� ( insert the sleep - > even 0.5 does not help) > > def __processCmd(self, cmd, showRet = True): > ����beautifier = Beautifier() > ����for c in cmd: > ��������time.sleep(0.1) > ��������beautifier.setInputCmd(c) > ��������try: > and the syncronisation / lock thing, modifiying actions� iptables.conf / > iptables-multiport.conf > > actionstart = flock /var/lock/fail2ban -c "iptables -N fail2ban-<name>" > flock /var/lock/fail2ban -c "iptables -A fail2ban-<name> -j RETURN" > flock /var/lock/fail2ban -c "iptables -I INPUT -p <protocol> \ > -m multiport --dports <port> -j fail2ban-<name>" > > but no success so far. am i missing something ? > > i saw his post: > [4]http://blog.somsip.com/2011/12/fail2ban-error-iptables-returned-200/ > but could not manage to get under 30characters - ist that it ? > > thank you, chris > > -- > Disclaimer: This communication may contain confidential, proprietary or > legally privileged information. It is intended only for the person(s) to > whom it is addressed. If you are not an intended recipient, you may not > use, read, retransmit, disseminate or take any action in reliance upon > it. Please notify the sender that you have received it in error and > immediately delete the entire communication, including any attachments. > I do not encrypt and cannot ensure the confidentiality or integrity of > external e-mail communications and, therefore, I cannot be responsible > for any unauthorized access, disclosure, use or tampering that may occur > during transmission. If you are not the intended recipient you are > notified that disclosing, copying, distributing or taking any action in > reliance on the contents of this information is strictly prohibited. I > accept no liability for the content of this email, or for the > consequences of any actions taken on the basis of the information > provided. > > -- > Disclaimer: This communication may contain confidential, proprietary or > legally privileged information. It is intended only for the person(s) to > whom it is addressed. If you are not an intended recipient, you may not > use, read, retransmit, disseminate or take any action in reliance upon it. > Please notify the sender that you have received it in error and > immediately delete the entire communication, including any attachments. I > do not encrypt and cannot ensure the confidentiality or integrity of > external e-mail communications and, therefore, I cannot be responsible for > any unauthorized access, disclosure, use or tampering that may occur > during transmission. If you are not the intended recipient you are > notified that disclosing, copying, distributing or taking any action in > reliance on the contents of this information is strictly prohibited. I > accept no liability for the content of this email, or for the consequences > of any actions taken on the basis of the information provided. > > References > > Visible links > 1. mailto:chk...@gm... > 2. mailto:ed...@me... > 3. mailto:ad...@me... > 4. http://blog.somsip.com/2011/12/fail2ban-error-iptables-returned-200/ > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users |