Re: [Fail2ban-users] How to implement ban using ipset

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 9/3/2020 8:23 AM, Phillip Carroll wrote:
> On 9/1/2020 4:48 PM, Phillip Carroll wrote:
>> when I list the ipset sets on the console, the only sets listed are 
>> those managed by csf. Clearly I have implemented something incorrectly. 
> 
> Problem solved!
> 

One more discovery:

Most likely I didn't need the reboot.  All I needed to do was use the 
console command:

systemctl restart fail2ban.

All of my "manual restarts" of fail2ban server were previously done 
using Webmin.  Webmin presents a nice interactive page with "Fqail2Ban 
Intrusion Detector" with buttons for restart server, and stop server.

HOWEVER:  This method of restarting is evidently seriously broken.  I 
will report that problem to the Webmin developers. I discovered that 
this morning after rebooting.  I saw a configuration error in the 
fail2ban.log, fixed it, and restarted fail2ban again using Webmin. I 
then entered on the console:
   ..]# systemctl status fail2ban

The result said it was active for 20 minutes. WHOA! I just restarted!

I then restarted using the console, checked the status, It showed one 
second up time. I then listed the ipset and FINALLY it listed entries 
for the first time since starting this adventure!

Live and learn.  I hope my reports of these interesting effects save 
somebody else from making the same mistakes.  I may write a "cheat 
sheet" howto on getting fail2ban up and running with a custom log watch.

I will post my debugging logs if anyone is interested. I am also now 
finally getting useful debug information in the fail2ban log.

Phil