The clue is in the error message. Your version of iptables does not support the -w switch so you'll need to remove it from your action.d/iptables.conf. Earlier versions of f2b did not use the -w switch. You may also want to change iptables-multiport.conf.

Really the recommended way is to create a new file, action.d/iptables.local and make the changes there. That way you leave the original installation intact.

Regards,
Nick

On 27/11/2015 14:19, Thomas Doczkal wrote:
Hello,

I have a strange issue here. iptables installed are Version iptables v1.4.14. I haven't changed the action.d/iptables.conf.

I have installed the latest version fail2ban-client 0.9.3 and configured ssh-iptables as follows

####################################
[ssh-iptables]
enabled = true
bantime = 36000
ignoreip = 127.0.0.1
filter = sshd
action = "" port=ssh, protocol=tcp]
# mail-whois[name=SSH, [email protected]]
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 3
####################################

I can see failed entries and banned ips but iptables are not changed. One of the attacker IPs is 74.208.47.218

I have the following in my fail2ban.log file. I did an unban with fail2ban-client and received the following output:

####################################
2015-11-25 19:16:47,463 fail2ban.actions [26745]: NOTICE [ssh-iptables] Unban 74.208.47.218
2015-11-25 19:16:47,599 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stdout: ''
2015-11-25 19:16:47,603 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
2015-11-25 19:16:47,607 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- returned 1
2015-11-25 19:16:47,610 fail2ban.CommandAction [26745]: ERROR Invariant check failed. Trying to restore a sane environment
2015-11-25 19:16:47,746 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH iptables -w -F f2b-SSH iptables -w -X f2b-SSH -- stdout: ''
2015-11-25 19:16:47,750 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH iptables -w -F f2b-SSH iptables -w -X f2b-SSH -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
2015-11-25 19:16:47,754 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH iptables -w -F f2b-SSH iptables -w -X f2b-SSH -- returned 2
2015-11-25 19:16:47,758 fail2ban.actions [26745]: ERROR Failed to execute unban jail 'ssh-iptables' action 'iptables' info '{'matches': 'Nov 25 15:35:35 homeserver01 sshd[31789]: Invalid user pi from 74.208.47.218Nov 25 15:35:38 homeserver01 sshd[31793]: Invalid user pi from 74.208.47.218Nov 25 15:35:39 homeserver01 sshd[31795]: Invalid user pi from 74.208.47.218Nov 25 15:35:41 homeserver01 sshd[31797]: Invalid user pi from 74.208.47.218Nov 25 15:35:42 homeserver01 sshd[31799]: Invalid user pi from 74.208.47.218', 'ip': '74.208.47.218', 'time': 1448474683.343454, 'failures': 5}': Error stopping action
####################################

same if I try to ban the ip manually:

####################################
2015-11-25 19:40:21,364 fail2ban.actions [26745]: NOTICE [ssh-iptables] Ban 74.208.47.218
2015-11-25 19:40:21,501 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stdout: ''
2015-11-25 19:40:21,506 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
2015-11-25 19:40:21,509 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- returned 1
2015-11-25 19:40:21,513 fail2ban.CommandAction [26745]: ERROR Invariant check failed. Trying to restore a sane environment
2015-11-25 19:40:21,650 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH iptables -w -F f2b-SSH iptables -w -X f2b-SSH -- stdout: ''
2015-11-25 19:40:21,654 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH iptables -w -F f2b-SSH iptables -w -X f2b-SSH -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
2015-11-25 19:40:21,658 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH iptables -w -F f2b-SSH iptables -w -X f2b-SSH -- returned 2
2015-11-25 19:40:21,661 fail2ban.actions [26745]: ERROR Failed to execute ban jail 'ssh-iptables' action 'iptables' info 'CallingMap({'ipjailmatches': <function <lambda> at 0xb66644b0>, 'matches': '', 'ip': '74.208.47.218', 'ipmatches': <function <lambda> at 0xb6664470>, 'ipfailures': <function <lambda> at 0xb6664430>, 'time': 1448476821.364055, 'failures': 3, 'ipjailfailures': <function <lambda> at 0xb66643f0>})': Error stopping action
####################################

I haven't changed the action.d/iptables.conf. Any idea where I have to delete the unknown option -w? I have tried to grep for -w but could not find a way to escape - so I had no luck with this.

Many thanks in advance.

Best Regards,
Thomas

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
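The steps discussed in this thread (checking whether the installed iptables accepts -w, searching action.d for the switch despite its leading dash, and overriding it in a .local file) as an added shell example that is not part of the original messages. The function names and the sample directory are constructed for illustration; the 1.4.20 cut-off and the `lockingopt` setting are assumptions about iptables and fail2ban 0.9.x that should be checked against the installed files.

```shell
#!/bin/sh
# Added example, not from the thread. The sample directory below is constructed.

# supports_wait VERSION: succeed if that iptables version accepts -w.
# Assumption: -w first appeared in iptables 1.4.20.
supports_wait() {
    v=${1#v}
    oldest=$(printf '%s\n' "$v" 1.4.20 | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "1.4.20" ]
}

# find_wait_flag DIR: list file:line:text where -w is used as an option.
# -e tells grep the next argument is the pattern, so the leading dash is not
# parsed as grep's own -w switch; the trailing group skips "mail-whois".
find_wait_flag() {
    grep -rnE -e '-w([[:space:]]|$)' "$1"
}

# write_override DIR: leave the shipped .conf files alone and blank the option
# in iptables.local (assumes the flag comes from a lockingopt setting).
write_override() {
    printf '[Init]\nlockingopt =\n' > "$1/iptables.local"
}

# make_sample: build a constructed action.d with the assumed 0.9.x layout.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '[Init]\nlockingopt = -w\niptables = iptables <lockingopt>\n' \
        > "$d/iptables-common.conf"
    printf '# sends mail-whois reports\n' > "$d/mail-whois.conf"
    echo "$d"
}

dir=$(make_sample)
if supports_wait "v1.4.14"; then
    echo "iptables v1.4.14 accepts -w"
else
    echo "iptables v1.4.14 lacks -w, defined in:"
    find_wait_flag "$dir"
    write_override "$dir"
    echo "override written to $dir/iptables.local"
fi
rm -rf "$dir"
```

On a real host, point `find_wait_flag` at the fail2ban action.d directory, then reload fail2ban and confirm that the f2b chain appears in `iptables -n -L INPUT`.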
