The released version of fail2ban does not support IPv6. I know there are
some patches posted, but they haven't been reviewed for the official
branch as far as I know. Most attacks I see are from IPv4 at the
moment, so it's not a big issue, but sooner or later IPv6 support will
be needed.

It would be fairly easy to go to the action.d files in use and update
them so they call the same rules with ipv4 and ipv6, so at least
attackers are blocked on all protocols, but that's not enough, since the
log file parser does not identify attacks via IPv6 in the first place.

John

On 08/26/2015 02:44 PM, Ali Metin wrote:
> Yes, that must be a problem with the KVM template.
> But what about an IPv6 attacker trying to log in?
> Would that action ban him as well?
>
>
> ------------------------------------------------------------------------
> To: [email protected]
> From: [email protected]
> Date: Wed, 26 Aug 2015 14:30:10 +0200
> Subject: Re: [Fail2ban-users] Centos 7 fail2ban issue
>
> I have a fresh CentOS 7.1 install and my firewallcmd-ipset.conf file
> contains the correct syntax. Also looking at the source code
>
> https://github.com/fail2ban/fail2ban/blob/master/config/action.d/firewallcmd-ipset.conf
>
> it has the correct syntax and I don't see any commits that have
> changed that part of the file since the original commit nor did I see
> any EPEL patches that would have changed it.
>
> Looks like a problem with a local customization (maybe in the template
> for the VM).
>
> John
>
> On 08/26/2015 01:35 PM, Ali Metin wrote:
>
>     Hi
>     I was having the following error in the fail2ban.log file on a CentOS
>     7.1 machine (actually a KVM template) with the fail2ban EPEL package
>     and firewalld-systemd backend
>
>     ERROR   ipset create fail2ban-sshd hash:ip timeout 3600
>     firewall-cmd --direct --add-rule  filter INPUT 0 -p tcp -m
>     multiport --dports 2021 -m set --match-set fail2ban-sshd src -j
>     REJECT --reject-with icmp-port-unreachable
>     -- stdout: '\x1b[91mwrong priority\nusage: --direct --add-rule {
>     ipv4 | ipv6 | eb } <table> <chain> <priority> <args>\x1b[00m\n'
>
>     I understood that ipv4|ipv6|eb is missing in the
>     firewallcmd-ipset actionstart action. After inserting the ipv4 keyword
>     properly in the actionstart command in the file
>
>     /etc/fail2ban/action.d/firewallcmd-ipset.conf
>
>     the error seems to resolve. My question is: "Is this a known bug,
>     and how can it be fixed correctly?"
>
> ------------------------------------------------------------------------------
>
>
>
>     _______________________________________________
>     Fail2ban-users mailing list
>     [email protected]
>     <mailto:[email protected]>
>     https://lists.sourceforge.net/lists/listinfo/fail2ban-users

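The missing-family error reported in this thread, and the question of which families an action file's direct rules cover, can be checked with a short script. This is an added example, not code from the thread or from fail2ban: the function names `missing_family` and `families_used` are hypothetical, the sample files are constructed from the log line quoted above, and it assumes `--remove-rule` takes the same family argument as `--add-rule`.

```bash
#!/usr/bin/env bash
# Added example (not fail2ban's code): audit an action file's firewall-cmd direct rules.

# List "LINENO: text" for each `--direct --add-rule|--remove-rule` whose next
# word is not a family (ipv4, ipv6, eb). Returns 1 if any such line exists.
missing_family() {
    awk '{
        n = split($0, w, /[ \t]+/)
        for (i = 1; i + 1 <= n; i++)
            if (w[i] == "--direct" && w[i+1] ~ /^--(add|remove)-rule$/) {
                fam = (i + 2 <= n) ? w[i+2] : ""
                if (fam !~ /^(ipv4|ipv6|eb)$/) { print NR ": " $0; bad = 1 }
            }
    } END { exit (bad ? 1 : 0) }' "$1"
}

# Print the families that the file's direct rules name, one per line, sorted.
families_used() {
    awk '{
        n = split($0, w, /[ \t]+/)
        for (i = 1; i + 2 <= n; i++)
            if (w[i] == "--direct" && w[i+1] ~ /^--(add|remove)-rule$/ &&
                w[i+2] ~ /^(ipv4|ipv6|eb)$/) print w[i+2]
    }' "$1" | sort -u
}

# Constructed sample files: the failing command from the log above, and the
# same command with the ipv4 keyword inserted. Paths are temporary.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/broken.conf" <<'EOF'
actionstart = ipset create fail2ban-sshd hash:ip timeout 3600
              firewall-cmd --direct --add-rule  filter INPUT 0 -p tcp -m multiport --dports 2021 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable
EOF
sed 's/--add-rule  filter/--add-rule ipv4 filter/' "$SAMPLES/broken.conf" > "$SAMPLES/fixed.conf"

echo "broken.conf:"; missing_family "$SAMPLES/broken.conf" || echo "  -> family missing"
echo "fixed.conf families:"; families_used "$SAMPLES/fixed.conf"
```

A file whose rules name only ipv4 leaves IPv6 traffic unmatched by the ban, and as the reply above notes, adding ipv6 rules does not help while the log file parser does not identify IPv6 attacks.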