I have a fresh Centos 7.1 install and my firewallcmd-ipset.conf file contains the correct syntax. Also looking at the source code
https://github.com/fail2ban/fail2ban/blob/master/config/action.d/firewallcmd-ipset.conf it has the correct syntax and I don't see any commits that have changed that part of the file since the original commit nor did I see any epel patches that would have changed it. Looks like a problem with a local customization (maybe in the template for the VM). John On 08/26/2015 01:35 PM, Ali Metin wrote: > Hi > I was having the following error at fail2ban.log file on a Centos 7.1 > machine (actually a KVM template) with fail2ban epel package and > firewalld-systemd backend > > ERROR ipset create fail2ban-sshd hash:ip timeout 3600 > firewall-cmd --direct --add-rule filter INPUT 0 -p tcp -m multiport > --dports 2021 -m set --match-set fail2ban-sshd src -j REJECT > --reject-with icmp-port-unreachable > -- stdout: '\x1b[91mwrong priority\nusage: --direct --add-rule { ipv4 > | ipv6 | eb } <table> <chain> <priority> <args>\x1b[00m\n' > > I understood that there is ipv4|ipv6|eb missing in the > firewallcmd-ipset actionstart action. After inserting ipv4 keyword > properly at actionstart command in file > > /etc/fail2ban/action.d/firewallcmd-ipset.conf > > > the error seems to resolve. My question is "is this a known bug? and > how can it be fixed correctly?" > > > > > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
