Hello, many thanks, I have solved the problem finally.
I have changed the iptables-common.local file and added the following lines
(I found this in the github issue 1122 linked in https://github.com/fail2ban/fail2ban/issues/1122):

[Init]
lockingopt =

Looks like the [Init] tag is important as well, as I got an error while reloading the configuration with fail2ban-client reload.

Many thanks Nick.

Best Regards,
Thomas

On 11/28/2015 04:44 PM, Nick Howitt wrote:
> Sorry. Forgot to reply-all.
>
> Before iptables.conf runs it calls iptables-common.conf and in iptables.conf it
> calls the parameter <iptables> and not the iptables command itself. The
> <iptables> parameter is set in iptables-common.conf. As I use an epel/el6
> version I think mine is different to the standard release but I'm pretty sure
> you'll find the -w switch in there where it sets the <iptables> variable.
>
> Looking at the el7 files, <iptables> is set in iptables-common.conf to
> "iptables <lockingopt>". <lockingopt> is set to "-w" and this is what you need
> to remove, presumably setting it to blank or nothing, so, create a file
> iptables-common.local with a single line in it:
>
> lockingopt =
>
> This should override the default. If it does not work change the line to:
>
> lockingopt = ""
>
> Nick
>
> On 27/11/2015 16:46, Nick Howitt wrote:
> > The clue is in the error message. Your version of iptables does not support
> > the -w switch so you'll need to remove it from your action.d/iptables.conf.
> > Earlier versions of f2b did not use the -w switch. You may also want to
> > change iptables-multiport.conf. Really the recommended way is to create a
> > new file, action.d/iptables.local and make the changes there. That way you
> > leave the original installation intact.
> >
> > Regards,
> >
> > Nick
> >
> > On 27/11/2015 14:19, Thomas Doczkal wrote:
> >> Hello,
> >>
> >> I have a strange issue here.
> >> iptables installed are Version iptables v1.4.14.
> >> I haven't changed the action.d/iptables.conf.
> >> I have installed the latest version fail2ban-client 0.9.3 and configured
> >> ssh-iptables as follows
> >>
> >> ####################################
> >> [ssh-iptables]
> >> enabled = true
> >> bantime = 36000
> >> ignoreip = 127.0.0.1
> >>
> >> filter = sshd
> >> action = iptables[name=SSH, port=ssh, protocol=tcp]
> >> # mail-whois[name=SSH,[email protected]]
> >> #logpath = /var/log/sshd.log
> >> logpath = /var/log/auth.log
> >> maxretry = 3
> >> ####################################
> >>
> >> I can see failed entries and banned ips but iptables are not changed.
> >>
> >> One of the attacker IPs is 74.208.47.218
> >>
> >> I have the following in my fail2ban.log file.
> >> I did an unban with fail2ban-client and received the following output:
> >>
> >> ####################################
> >> 2015-11-25 19:16:47,463 fail2ban.actions [26745]: NOTICE [ssh-iptables] Unban 74.208.47.218
> >> 2015-11-25 19:16:47,599 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stdout: ''
> >> 2015-11-25 19:16:47,603 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
> >> 2015-11-25 19:16:47,607 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- returned 1
> >> 2015-11-25 19:16:47,610 fail2ban.CommandAction [26745]: ERROR Invariant check failed. Trying to restore a sane environment
> >> 2015-11-25 19:16:47,746 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH
> >> iptables -w -F f2b-SSH
> >> iptables -w -X f2b-SSH -- stdout: ''
> >> 2015-11-25 19:16:47,750 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH
> >> iptables -w -F f2b-SSH
> >> iptables -w -X f2b-SSH -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
> >> 2015-11-25 19:16:47,754 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH
> >> iptables -w -F f2b-SSH
> >> iptables -w -X f2b-SSH -- returned 2
> >> 2015-11-25 19:16:47,758 fail2ban.actions [26745]: ERROR Failed to execute unban jail 'ssh-iptables' action 'iptables' info '{'matches': 'Nov 25 15:35:35 homeserver01 sshd[31789]: Invalid user pi from 74.208.47.218Nov 25 15:35:38 homeserver01 sshd[31793]: Invalid user pi from 74.208.47.218Nov 25 15:35:39 homeserver01 sshd[31795]: Invalid user pi from 74.208.47.218Nov 25 15:35:41 homeserver01 sshd[31797]: Invalid user pi from 74.208.47.218Nov 25 15:35:42 homeserver01 sshd[31799]: Invalid user pi from 74.208.47.218', 'ip': '74.208.47.218', 'time': 1448474683.343454, 'failures': 5}': Error stopping action
> >> ####################################
> >>
> >> same if I try to ban the ip manually:
> >> ####################################
> >> 2015-11-25 19:40:21,364 fail2ban.actions [26745]: NOTICE [ssh-iptables] Ban 74.208.47.218
> >> 2015-11-25 19:40:21,501 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stdout: ''
> >> 2015-11-25 19:40:21,506 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
> >> 2015-11-25 19:40:21,509 fail2ban.action [26745]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- returned 1
> >> 2015-11-25 19:40:21,513 fail2ban.CommandAction [26745]: ERROR Invariant check failed. Trying to restore a sane environment
> >> 2015-11-25 19:40:21,650 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH
> >> iptables -w -F f2b-SSH
> >> iptables -w -X f2b-SSH -- stdout: ''
> >> 2015-11-25 19:40:21,654 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH
> >> iptables -w -F f2b-SSH
> >> iptables -w -X f2b-SSH -- stderr: 'iptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\' for more information.\n'
> >> 2015-11-25 19:40:21,658 fail2ban.action [26745]: ERROR iptables -w -D INPUT -p tcp --dport ssh -j f2b-SSH
> >> iptables -w -F f2b-SSH
> >> iptables -w -X f2b-SSH -- returned 2
> >> 2015-11-25 19:40:21,661 fail2ban.actions [26745]: ERROR Failed to execute ban jail 'ssh-iptables' action 'iptables' info 'CallingMap({'ipjailmatches': <function <lambda> at 0xb66644b0>, 'matches': '', 'ip': '74.208.47.218', 'ipmatches': <function <lambda> at 0xb6664470>, 'ipfailures': <function <lambda> at 0xb6664430>, 'time': 1448476821.364055, 'failures': 3, 'ipjailfailures': <function <lambda> at 0xb66643f0>})': Error stopping action
> >> ####################################
> >>
> >> I haven't changed the action.d/iptables.conf.
> >>
> >>
> >> Any idea where I have to delete the unknown option -w?
> >> I have tried to grep for -w but could not find a way to escape - so I
> >> had no luck with this.
> >>
> >> Many thanks in advance.
> >>
> >> Best Regards,
> >> Thomas
> >>
> >> ------------------------------------------------------------------------------
> >> _______________________________________________
> >> Fail2ban-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
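The thread turns on two fail2ban configuration mechanics: a .local file layered on top of the matching .conf overrides individual options, and `<tag>` references inside action commands are expanded from those options (so `<iptables>` expands to `iptables <lockingopt>`, and an empty `lockingopt` drops the `-w`). The script below is an added illustration, not code from fail2ban or from anyone in the thread. It models both mechanics with Python's configparser on constructed stand-ins for `action.d/iptables-common.conf` and `iptables-common.local`: the conf content is an assumption that mirrors what Nick describes (`lockingopt = -w`, `iptables = iptables <lockingopt>`), the `actioncheck` line is a constructed command shaped like the one in Thomas's log, and the tag-expansion rules are a simplification of fail2ban's own. It also shows why the `[Init]` header mattered: without it the override is a bare option before any section, which a config reader rejects, which is the kind of reload error Thomas hit.

```python
import configparser
import re

# Constructed stand-in for action.d/iptables-common.conf (assumption: mirrors what the
# thread describes; it is not a copy of fail2ban's distributed file).
IPTABLES_COMMON_CONF = """
[Init]
lockingopt = -w
iptables = iptables <lockingopt>
actioncheck = <iptables> -n -L INPUT | grep -q 'f2b-<name>[ \\t]'
"""

# Constructed override as Thomas ended up writing it: the [Init] header is present.
IPTABLES_COMMON_LOCAL_OK = """
[Init]
lockingopt =
"""

# Constructed override with the option alone, no section header (the form that fails on reload).
IPTABLES_COMMON_LOCAL_BAD = """
lockingopt =
"""

TAG_RE = re.compile(r"<([A-Za-z0-9_]+)>")


def load_layered(conf_text, local_text=None):
    """Read the .conf, then layer the .local on top so that its values win.

    Returns the [Init] options as a plain dict. A .local without a section header
    raises configparser.MissingSectionHeaderError, just as a parser would on reload.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if local_text is not None:
        parser.read_string(local_text)
    return dict(parser["Init"])


def substitute(values, text, max_rounds=10):
    """Expand <tag> references from `values`, repeating so nested tags resolve.

    Unknown tags are left untouched; runs of spaces left behind by an empty
    expansion (lockingopt = "") are collapsed so the command stays well formed.
    """
    for _ in range(max_rounds):
        expanded = TAG_RE.sub(lambda m: values.get(m.group(1), m.group(0)), text)
        if expanded == text:
            break
        text = expanded
    return re.sub(r" {2,}", " ", text).strip()


def resolved_command(values, key, extra=None):
    """Resolve one action command (e.g. actioncheck) with per-jail values such as name=SSH."""
    merged = dict(values)
    if extra:
        merged.update(extra)
    return substitute(merged, merged[key])


def try_reload(conf_text, local_text):
    """Emulate a reload: return (resolved actioncheck command, None) or (None, parse error)."""
    try:
        values = load_layered(conf_text, local_text)
    except configparser.MissingSectionHeaderError as exc:
        return None, "missing section header: " + str(exc).splitlines()[0]
    return resolved_command(values, "actioncheck", {"name": "SSH"}), None


if __name__ == "__main__":
    for label, local in (("no .local", None),
                         (".local with [Init]", IPTABLES_COMMON_LOCAL_OK),
                         (".local without [Init]", IPTABLES_COMMON_LOCAL_BAD)):
        command, error = try_reload(IPTABLES_COMMON_CONF, local)
        print(f"{label:24s} -> {command if error is None else error}")
```

With no override the resolved check is the `iptables -w -n -L INPUT | grep -q 'f2b-SSH[ \t]'` that fails on iptables 1.4.14; with the `[Init]`-headed override the `-w` disappears; with the bare override the reader refuses the file before any command is built, which is the safer failure mode, since a half-applied override would leave the old command in place silently.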
