It could be a sqlite3 issue there is a open bug tracker ticket for it. I could be putting the jump rule in the wrong place in the iptables rule set. which is most likely. Both a fairly easy to fix, check you log files for a sqlite3 failure.
On Tue, 2015-09-29 at 09:00 -0300, Christian Schmitz wrote: > Hi everyone: > I need know why fail2ban is not banning IP. The Fail2ban is runing, the jail > active, and detect it: > I receive the email: > Hi, > The IP 120.146.197.161 has just been banned by Fail2Ban after > 3 attempts against sasl. > ........... > But even if "fail2ban-client status sasl-iptables" report the IP as blocked > sasli see the hacking try persist onto the mail logs: > > postfix/smtpd[3676]: lost connection after AUTH from > CPE-120-146-197-161.static.vic.bigpond.net.au[120.146.197.161] > schweb postfix/smtpd[3676]: disconnect from > CPE-120-146-197-161.static.vic.bigpond.net.au[120.146.197.161] > > If i look on fail2ban.log: > 2015-09-27 01:26:16,167 fail2ban.actions[9478]: WARNING [sasl-iptables] Ban > 120.146.197.161 > 2015-09-27 01:26:16,187 fail2ban.actions.action[9478]: ERROR iptables -n -L > INPUT | grep -q 'fail2ban-sasl[ \t]' returned 100 > 2015-09-27 01:26:16,188 fail2ban.actions.action[9478]: ERROR Invariant > check > failed. Trying to restore a sane environment > 2015-09-27 01:26:16,207 fail2ban.actions.action[9478]: ERROR iptables -D > INPUT -p all -j fail2ban-sasl > iptables -F fail2ban-sasl > iptables -X fail2ban-sasl returned 100 > > > How i can solve it? > > Best Regards > Christian Schmitz
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
