Chris,

Did you get this resolved? Just noticed that I have the same problem this morning.
I get the alerts, but firewall rules aren't being updated to ban IPs. Looking over logs it shows error banning the offending IPs.

Thanks,
John

On Fri, 2015-08-21 at 13:52 -0400, Chris Short wrote:
> Thanks for that, Michael. I had my findtime set too low apparently.
> The issue I'm having now is that new violators aren't banned.
>
> Thanks,
>
> Chris Short
> http://chrisshort.net
> Public PGP Key: http://cshort.co/pub_key
> Keybase: http://cshort.co/keybaseio
>
> On Fri, Aug 21, 2015 at 11:35 AM, Michael H <[email protected]> wrote:
> Hi Chris,
>
> Ignore that previous reply, I've been working with RHEL7 a lot recently :)
>
> this is my C6 jail config for SSH - I hope it helps.
>
> [ssh-iptables]
> enabled = true
> filter = sshd
> action = iptables[name=SSH, port=ssh, protocol=tcp]
> #remove this line below if you do not wish to receive email upon ban.
>          sendmail-whois[name=SSH, dest=root, sender=fail2ban@HOSTNAME]
> logpath = /var/log/secure
> maxretry = 10
> findtime = 86400
>
> Michael
>
> On 21/08/15 16:03, Michael H wrote:
> > Hi Chris,
> >
> > which jail is not working? the standard sshd?
> >
> > I ran into the same kind of issue last year, I found that the iptables
> > action wasn't working, after switching to
> >
> > action = firewallcmd-ipset[name=SSH, port=22, protocol=tcp]
> >
> > everything began to work...
> >
> > Michael
> >
> > On 21/08/15 15:23, Chris Short wrote:
> >> I have been having significant issues getting fail2ban to actually ban
> >> hosts on RHEL 6 using the latest package from EPEL. The logs indicate
> >> fail2ban is finding failures worthy of blocking but only seems to do so
> >> at service start. I've tried auto and polling backends.
> >>
> >> Here is the current jail.local I'm working with:
> >> http://pastebin.com/qZv4JN9J
> >>
> >> Any thoughts or guidance would be much appreciated.
> >>
> >> Thanks,
> >>
> >> Chris Short
> >> http://chrisshort.net
> >> Public PGP Key: http://cshort.co/pub_key
> >> Keybase: http://cshort.co/keybaseio
> >>
> >> ------------------------------------------------------------------------------
> >> _______________________________________________
> >> Fail2ban-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
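
The thread turns on how `findtime` and `maxretry` interact: the jail quoted above uses `maxretry = 10` with `findtime = 86400`, and a `findtime` set too low is named as one cause. The following is an added example, not part of the thread and not fail2ban's own code: a simplified sliding-window model run over constructed `/var/log/secure`-style lines, showing which sources reach the ban threshold for a given pair of settings. The regex, function names and sample data are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Failed password" lines as they appear in /var/log/secure (syslog format).
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port"
)

def _line(ts, ip):
    # Constructed sample line; host name, PID, user and port are made up.
    return (f"{ts:%b %d %H:%M:%S} host sshd[2101]: "
            f"Failed password for root from {ip} port 40112 ssh2")

START = datetime(2015, 8, 21, 9, 0, 0)
# Constructed log: a slow source (one failure every 15 minutes) followed by
# a burst source (one failure every 5 seconds). IPs are documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line(START + timedelta(minutes=15 * i), "203.0.113.7") for i in range(10)]
    + [_line(START + timedelta(hours=3, seconds=5 * i), "198.51.100.9")
       for i in range(10)]
)

def would_ban(log_text, maxretry, findtime, year=2015):
    """Return {ip: time the threshold was reached} under a simplified model:
    a host is banned once it has maxretry failures within findtime seconds."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for findtime in (600, 86400):
        print(findtime, would_ban(SAMPLE_LOG, maxretry=10, findtime=findtime))
```

The model covers only the counting side of a jail; whether the configured action then succeeds in inserting a firewall rule is a separate question that this sketch does not exercise.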
