Okay, I noticed two action.d files (iptables and iptables-multiport) with .rpmnew extensions from the update. Those, apparently, didn't replace the originals for whatever reason. Looked inside and noticed the new files use f2b-< chain name > where the original files used fail2ban-< chain name >. Did a mv on the files and a fail2ban reload and now my chains are getting updated with the bans.
On Wed, 2015-08-26 at 12:04 +0000, Scott, John G. wrote: > Chris, > > Did you get this resolved? Just noticed that I have the same problem > this morning. > > I get the alerts, but firewall rules aren't being updated to ban IPs. > Looking over logs it shows error banning the offending IPs. > > Thanks, > John > > On Fri, 2015-08-21 at 13:52 -0400, Chris Short wrote: > > Thanks for that, Michael. I had my findtime set too low apparently. > > The issue I'm having now is that new violators aren't banned. > > > > Thanks, > > > > Chris Short > > http://chrisshort.net > > Public PGP Key: http://cshort.co/pub_key > > Keybase: http://cshort.co/keybaseio > > > > > > > > On Fri, Aug 21, 2015 at 11:35 AM, Michael H <[email protected]> > > wrote: > > Hi Chris, > > > > Ignore that previous reply, I've been working with RHEL7 a lot > > recently :) > > > > this is my C6 jail config for SSH - I hope it helps. > > > > [ssh-iptables] > > enabled = true > > filter = sshd > > action = iptables[name=SSH, port=ssh, protocol=tcp] > > #remove this line below if you do not wish to receive email > > upon ban. > > sendmail-whois[name=SSH, dest=root, > > sender=fail2ban@HOSTNAME] > > logpath = /var/log/secure > > maxretry = 10 > > findtime = 86400 > > > > Michael > > > > On 21/08/15 16:03, Michael H wrote: > > > Hi Chris, > > > > > > which jail is not working? the standard sshd? > > > > > > I ran into the same kind of issue last year, I found that > > the iptables > > > action wasn't working, after switching to > > > > > > action = firewallcmd-ipset[name=SSH, port=22, protocol=tcp] > > > > > > everything began to work... > > > > > > Michael > > > > > > On 21/08/15 15:23, Chris Short wrote: > > >> I have been having significant issues getting fail2ban to > > actually ban > > >> hosts on RHEL 6 using the latest package from EPEL. The > > logs indicate > > >> fail2ban is finding failures worthy of blocking but only > > seems to do so > > >> at service start. I've tried auto and polling backends. > > >> > > >> Here is the current jail.local I'm working with: > > >> http://pastebin.com/qZv4JN9J > > >> > > >> Any thoughts or guidance would be much appreciated. > > >> > > >> Thanks, > > >> > > >> Chris Short > > >> http://chrisshort.net > > >> Public PGP Key: http://cshort.co/pub_key > > >> Keybase: http://cshort.co/keybaseio > > >> > > >> > > >> > > >> > > > > ------------------------------------------------------------------------------ > > >> > > >> > > >> > > >> _______________________________________________ > > >> Fail2ban-users mailing list > > >> [email protected] > > >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > >> > > > > > > > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > > > Fail2ban-users mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Fail2ban-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Fail2ban-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > ------------------------------------------------------------------------------ > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- John Scott Manager Library Information Technology Shimberg Health Sciences Library University of South Florida http://www.health.usf.edu/library (813) 974-6860 ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
