My method, via /etc/clearos/firewall.d/local or a special file in the 
same folder, is not applicable to you. You'd need feedback from an Ubuntu 
user who knows where their firewall (re)starts from.

On 2016-04-07 13:34, Alexander R. Gruber wrote:
> My iptables seems to accept the -w (--wait) switch, so that should not
> be a problem.
> I've added my firewall rules to the /etc/network/if-pre-up.d/
> directory - to be exact I've done this:
> #!/bin/sh
> /etc/init.d/firewall-n1 start
> 
> Which is the script to set up the NAT rules for the loadbalancing.
> 
> My distro is Ubuntu 14.04 LTS
> Fail2Ban is: Fail2ban v0.9.4 (which is backported from neurodebian 
> repository)
> 
> I'm not quite sure if doing this will resolve the problem, as there
> are no actual "restart scripts" for iptables itself.
> 
> Which method do you use?
> 
> Thank you again!
> Alexander
> 
> On 07.04.2016 21:20, Nick Howitt wrote:
>> I seem to think your version of iptables may support the -w switch. 
>> Try a full command. If it does not, I can't remember where in the f2b 
>> actions to make the change. It is one of the default settings. I may 
>> be able to find out when I get home.
>> 
>> For firewall restarting, all sorts of things could cause it, WAN IP 
>> glitches or changes and so on. I run ClearOS which deviates a bit from 
>> EL and CentOS and they have a structure so that any rules in 
>> /etc/clearos/firewall.d/local execute on firewall restart (as do a 
>> whole bunch of others from a couple of files which contain the basic 
>> rules and the rules applied through their webconfig), but this is 
>> ClearOS specific. I've no idea for your distro.
>> 
>> Nick
>> 
>> On 2016-04-07 13:08, Alexander R. Gruber wrote:
>>> Hello Nick!
>>> 
>>> # iptables -V
>>> iptables v1.4.21
>>> # iptables -w
>>> iptables v1.4.21: no command specified
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> 
>>> What you said before - that the firewall rules need to be loaded at
>>> every start/restart of the firewall itself, not only on system start
>>> absolutely makes sense!
>>> So IF f2b would restart the firewall for whatever reason, the NAT
>>> rules could be lost.
>>> 
>>> So what should I do with the config in this case? Just remove the -w
>>> switch, or replace it with something else?
>>> 
>>> Thank you!
>>> Alexander
>>> 
>>> On 07.04.2016 21:03, Nick Howitt wrote:
>>>> What version of iptables are you running? My version (I can't check 
>>>> at the moment) and any el6 derivative does not support the -w switch 
>>>> so it needs to be removed from the f2b configs.
>>>> 
>>>> Nick
>>>> 
>>>> On 2016-04-07 12:50, Alexander R. Gruber wrote:
>>>>> Sorry for replying to myself, but I found a lot of errors in the log
>>>>> that might have to do with the problem at hand:
>>>>> 
>>>>> <snip>
>>>>> 2016-04-06 08:53:19,351 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:19,352 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:19,577 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:19,578 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:21,608 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:21,609 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:21,731 fail2ban.actions        [3526]: NOTICE 
>>>>> [sshd]
>>>>> Ban 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:21,836 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stdout: ''
>>>>> 
>>>>> 2016-04-06 08:53:21,836 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stderr: ''
>>>>> 
>>>>> 2016-04-06 08:53:21,836 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- returned 1
>>>>> 
>>>>> 2016-04-06 08:53:21,836 fail2ban.CommandAction  [3526]: ERROR
>>>>> Invariant check failed. Trying to restore a sane environment
>>>>> 
>>>>> 2016-04-06 08:53:21,941 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
>>>>> 
>>>>> iptables -w -F f2b-sshd
>>>>> 
>>>>> iptables -w -X f2b-sshd -- stdout: ''
>>>>> 
>>>>> 2016-04-06 08:53:21,941 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
>>>>> 
>>>>> iptables -w -F f2b-sshd
>>>>> 
>>>>> iptables -w -X f2b-sshd -- stderr: "iptables v1.4.21: Couldn't load
>>>>> target `f2b-sshd':No such file or directory\n\nTry `iptables -h' or
>>>>> 'iptables --help' for more information.\niptables: No
>>>>> chain/target/match by that name.\niptables: No chain/target/match 
>>>>> by
>>>>> that
>>>>> 
>>>>> name.\n"
>>>>> 
>>>>> 2016-04-06 08:53:21,941 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
>>>>> 
>>>>> iptables -w -F f2b-sshd
>>>>> 
>>>>> iptables -w -X f2b-sshd -- returned 1
>>>>> 
>>>>> 2016-04-06 08:53:21,942 fail2ban.actions        [3526]: ERROR 
>>>>> Failed
>>>>> to execute ban jail 'sshd' action 'iptables-multiport' info
>>>>> 'CallingMap({'ipjailmatches': <function <lambda> at 
>>>>> 0x7f3f3dfff938>,
>>>>> 'matches': u'Apr  6 08:53:19 bmn1 sshd[15131]: Invalid user ftpuser
>>>>> from 146.0.77.xxx\nApr  6 08:53:19 bmn1 sshd[15131]:
>>>>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
>>>>> tty=ssh ruser= rhost=146.0.77.xxx \nApr  6 08:53:21 bmn1 
>>>>> sshd[15131]:
>>>>> Failed password for invalid user ftpuser from 146.0.77.xxx port 
>>>>> 50352
>>>>> ssh2', 'ip': '146.0.77.xxx', 'ipmatches': <function <lambda> at
>>>>> 0x7f3f3dfff848>, 'ipfailures': <function <lambda> at 
>>>>> 0x7f3f3dfff7d0>,
>>>>> 'time': 1459925601.7313, 'failures': 3, 'ipjailfailures': <function
>>>>> <lambda> at 0x7f3f3dfff758>})': Error stopping action
>>>>> 
>>>>> 2016-04-06 08:53:22,865 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:22,867 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:23,424 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:23,426 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:25,339 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:25,340 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:25,738 fail2ban.actions        [3526]: NOTICE 
>>>>> [ssh]
>>>>> Ban 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:25,843 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -n -L INPUT | grep -q 'f2b-ssh[ \t]' -- stdout: ''
>>>>> 
>>>>> 2016-04-06 08:53:25,843 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -n -L INPUT | grep -q 'f2b-ssh[ \t]' -- stderr: ''
>>>>> 
>>>>> 2016-04-06 08:53:25,843 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -n -L INPUT | grep -q 'f2b-ssh[ \t]' -- returned 1
>>>>> 
>>>>> 2016-04-06 08:53:25,843 fail2ban.CommandAction  [3526]: ERROR
>>>>> Invariant check failed. Trying to restore a sane environment
>>>>> 
>>>>> 2016-04-06 08:53:25,947 fail2ban.actions        [3526]: NOTICE 
>>>>> [sshd]
>>>>> 146.0.77.xxx already banned
>>>>> 
>>>>> 2016-04-06 08:53:25,948 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-ssh
>>>>> 
>>>>> iptables -w -F f2b-ssh
>>>>> 
>>>>> iptables -w -X f2b-ssh -- stdout: ''
>>>>> 
>>>>> 2016-04-06 08:53:25,949 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-ssh
>>>>> 
>>>>> iptables -w -F f2b-ssh
>>>>> 
>>>>> iptables -w -X f2b-ssh -- stderr: "iptables v1.4.21: Couldn't load
>>>>> target `f2b-ssh':No such file or directory\n\nTry `iptables -h' or
>>>>> 'iptables --help' for more information.\niptables: No
>>>>> chain/target/match by that name.\niptables: No chain/target/match 
>>>>> by
>>>>> that name.\n"
>>>>> 
>>>>> 2016-04-06 08:53:25,949 fail2ban.action         [3526]: ERROR
>>>>> iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-ssh
>>>>> 
>>>>> iptables -w -F f2b-ssh
>>>>> 
>>>>> iptables -w -X f2b-ssh -- returned 1
>>>>> 
>>>>> 2016-04-06 08:53:25,949 fail2ban.actions        [3526]: ERROR 
>>>>> Failed
>>>>> to execute ban jail 'ssh' action 'iptables-multiport' info
>>>>> 'CallingMap({'ipjailmatches': <function <lambda> at 
>>>>> 0x7f3f3dfff7d0>,
>>>>> 'matches': u'Apr  6 08:53:19 bmn1 sshd[15131]: Invalid user ftpuser
>>>>> from 146.0.77.xxx\nApr  6 08:53:19 bmn1 sshd[15131]:
>>>>> pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
>>>>> tty=ssh ruser= rhost=146.0.77.xxx \nApr  6 08:53:21 bmn1 
>>>>> sshd[15131]:
>>>>> Failed password for invalid user ftpuser from 146.0.77.xxx port 
>>>>> 50352
>>>>> ssh2\nApr  6 08:53:22 bmn1 sshd[15140]: Invalid user ftpuser from
>>>>> 146.0.77.xxx\nApr  6 08:53:23 bmn1 sshd[15140]: 
>>>>> pam_unix(sshd:auth):
>>>>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>>>>> rhost=146.0.77.xxx \nApr  6 08:53:25 bmn1 sshd[15140]: Failed 
>>>>> password
>>>>> for invalid user ftpuser from 146.0.77.xxx port 50691 ssh2', 'ip':
>>>>> '146.0.77.xxx', 'ipmatches': <function <lambda> at 0x7f3f3dfff758>,
>>>>> 'ipfailures': <function <lambda> at 0x7f3f3dfff848>, 'time':
>>>>> 1459925605.738062, 'failures': 6, 'ipjailfailures': <function 
>>>>> <lambda>
>>>>> at 0x7f3f3dfff938>})': Error stopping action
>>>>> 
>>>>> 2016-04-06 08:53:26,498 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:26,500 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:26,523 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:26,525 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:28,182 fail2ban.filter         [3526]: INFO [ssh]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:28,183 fail2ban.filter         [3526]: INFO [sshd]
>>>>> Found 146.0.77.xxx
>>>>> 
>>>>> 2016-04-06 08:53:28,950 fail2ban.actions        [3526]: NOTICE 
>>>>> [sshd]
>>>>> 146.0.77.xxx already banned
>>>>> <snap>
>>>>> 
>>>>> 
>>>>> 
>>>>> On 07.04.2016 20:33, Alexander R. Gruber wrote:
>>>>>> Thank you Steve, for your answer.
>>>>>> 
>>>>>> To your questions:
>>>>>> 
>>>>>>> How do you have the load balanced rules set? are they persistent in a
>>>>>>> file that is always run from server start up?
>>>>>> -> I have a startup script, that sets the Firewall NAT rules on 
>>>>>> every startup of the system in RC4.
>>>>>> 
>>>>>> Every few hours f2b reloads the Firewall rules from its database 
>>>>>> (according to the log) and when that happens the NAT rules vanish 
>>>>>> from my server - leading to a STOP in service, as the 
>>>>>> loadbalancing breaks.
>>>>>> 
>>>>>> The time this happens is every few hours and always goes hand in 
>>>>>> hand with the time in the f2b log where the system does the before 
>>>>>> mentioned process of "resetting" and loading stuff from its 
>>>>>> database.
>>>>>> So I have a strong bias towards f2b being the "culprit" as this is 
>>>>>> the only process that fiddles around with the IPtables in the 
>>>>>> first instance.
>>>>>> 
>>>>>> I also noticed very strange things:
>>>>>> 
>>>>>> <snip>
>>>>>> 2016-04-07 13:22:19,849 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:20,294 fail2ban.actions        [3526]: NOTICE  
>>>>>> [sshd] 183.3.202.200 already banned
>>>>>> 2016-04-07 13:22:21,836 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:21,837 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:28,687 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:28,688 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:30,912 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:30,913 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:31,306 fail2ban.actions        [3526]: NOTICE  
>>>>>> [sshd] 183.3.202.xxx already banned
>>>>>> 2016-04-07 13:22:31,857 fail2ban.actions        [3526]: NOTICE  
>>>>>> [ssh] 183.3.202.xxx already banned
>>>>>> 2016-04-07 13:22:42,443 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:42,445 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:44,260 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:44,260 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:50,860 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:50,861 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:51,329 fail2ban.actions        [3526]: NOTICE  
>>>>>> [sshd] 183.3.202.xxx already banned
>>>>>> 2016-04-07 13:22:53,105 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:22:53,106 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:23:00,356 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:23:00,358 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:23:01,974 fail2ban.filter         [3526]: INFO    
>>>>>> [ssh] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:23:01,975 fail2ban.filter         [3526]: INFO    
>>>>>> [sshd] Found 183.3.202.xxx
>>>>>> 2016-04-07 13:23:02,342 fail2ban.actions        [3526]: NOTICE  
>>>>>> [sshd] 183.3.202.xxx already banned
>>>>>> 2016-04-07 13:23:02,893 fail2ban.actions        [3526]: NOTICE  
>>>>>> [ssh] 183.3.202.xxx already banned
>>>>>> root@xxx:~# iptables -L
>>>>>> Chain INPUT (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> root@bmn1:~# sudo iptables -L
>>>>>> Chain INPUT (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> The chain rules seem to be empty ...
>>>>>> 
>>>>>> root@xxx:~# service fail2ban restart
>>>>>>    * Restarting authentication failure monitor fail2ban
>>>>>> root@xxx:~# iptables -n -L
>>>>>> Chain INPUT (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> f2b-hn-apache-retry-ban  tcp  --  0.0.0.0/0 0.0.0.0/0            
>>>>>> multiport dports 80,443
>>>>>> f2b-apache  tcp  --  0.0.0.0/0            0.0.0.0/0 multiport 
>>>>>> dports 80,443
>>>>>> f2b-ssh    tcp  --  0.0.0.0/0            0.0.0.0/0 multiport 
>>>>>> dports 22
>>>>>> f2b-php-url-fopen  tcp  --  0.0.0.0/0 0.0.0.0/0 multiport dports 
>>>>>> 80,443
>>>>>> f2b-apache-nohome  tcp  --  0.0.0.0/0 0.0.0.0/0 multiport dports 
>>>>>> 80,443
>>>>>> f2b-apache-overflows  tcp  --  0.0.0.0/0 0.0.0.0/0            
>>>>>> multiport dports 80,443
>>>>>> f2b-apache-badbots  tcp  --  0.0.0.0/0 0.0.0.0/0            
>>>>>> multiport dports 80,443
>>>>>> f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0 multiport 
>>>>>> dports 22
>>>>>> 
>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>> target     prot opt source               destination
>>>>>> 
>>>>>> Chain f2b-apache (1 references)
>>>>>> target     prot opt source               destination
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-apache-badbots (1 references)
>>>>>> target     prot opt source               destination
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-apache-nohome (1 references)
>>>>>> target     prot opt source               destination
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-apache-overflows (1 references)
>>>>>> target     prot opt source               destination
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-hn-apache-retry-ban (1 references)
>>>>>> target     prot opt source               destination
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-php-url-fopen (1 references)
>>>>>> target     prot opt source               destination
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-ssh (1 references)
>>>>>> target     prot opt source               destination
>>>>>> REJECT     all  --  221.229.162.xxx 0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> REJECT     all  --  183.3.202.xxx        0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> REJECT     all  --  111.13.70.xxx        0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> Chain f2b-sshd (1 references)
>>>>>> target     prot opt source               destination
>>>>>> REJECT     all  --  221.229.162.xxx 0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> REJECT     all  --  186.228.90.xxx       0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> REJECT     all  --  183.3.202.xxx        0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> REJECT     all  --  14.139.46.xxx        0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> REJECT     all  --  111.13.70.xxx        0.0.0.0/0 reject-with 
>>>>>> icmp-port-unreachable
>>>>>> RETURN     all  --  0.0.0.0/0            0.0.0.0/0
>>>>>> 
>>>>>> After an explicit restart, the system seems to be up and running 
>>>>>> again ...
>>>>>> 
>>>>>> I feel a bit at loss here ...
>>>>>> 
>>>>>> Thanks for any hints!
>>>>>> Alexander
>>>>>> 
>>>>>>> By design, f2b (when restarting) unblocks all blocked IP addresses
>>>>>>> within its own DB, it then removes the f2b chains from iptables. It then
>>>>>>> starts up creating the chains and re-adds the IPs that are within the
>>>>>>> selected time scale of bans.
>>>>>>> 
>>>>>>> It does not remove anything other than its own chains in IPtables.
>>>>>>> 
>>>>>>> How do you have the load balanced rules set? Are they persistent in a
>>>>>>> file that is always run from server start up?
>>>>>>> 
>>>>>>> I have a reset firewall script that, once f2b is shut down, I run and it
>>>>>>> reloads my own pre-set rules on iptables, then I fire up f2b. I've never
>>>>>>> had it remove rules or chains that are not starting "f2b-chainname"
>>>>>>> (i.e. f2b-php-url-open) etc.
>>>>>>> 
>>>>>>> If you do an iptables -n -L, do your f2b chains all start with chain f2b- ?
>>>>>>> If the f2b chains are missing and all your rules are not starting as
>>>>>>> above, I suppose there is a chance it could remove rules it never
>>>>>>> created, although I would doubt that.
>>>>>>> 
>>>>>>> I hope this helps a little.
>>>>>>> 
>>>>>>> Steve
>>>>>> 
>>> 
>>> 
> 
> 

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
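
The two symptoms quoted in this thread, the failed `iptables -n -L INPUT | grep -q 'f2b-<jail>[ \t]'` check in the fail2ban log and the empty `iptables -L` listing, can be checked mechanically to time-stamp when the f2b chains disappeared. The script below is an added example, not part of the thread and not fail2ban code; the function names and sample data are constructed, and it assumes each log event sits on one line (the excerpts above were wrapped by the mail client).

```shell
#!/bin/sh
# Added example, not fail2ban code. Function names and sample data are constructed.

# Read a fail2ban.log on stdin; print "<date> <time> <chain>" for every failed
# actioncheck. Each failure logs stdout/stderr/returned lines; only the
# "returned <non-zero>" line is counted so one failure yields one record.
f2b_failed_checks() {
    awk '/fail2ban\.action / && /-L INPUT [|] grep -q/ && / -- returned [1-9]/ {
        if (match($0, /f2b-[A-Za-z0-9_-]+/))
            print $1, $2, substr($0, RSTART, RLENGTH)
    }'
}

# Read `iptables -n -L` output on stdin; print each chain named in "$@" that
# has no jump in INPUT (the same condition the actioncheck tests with grep).
f2b_missing_jumps() {
    jumps=$(awk '/^Chain /{inp = ($2 == "INPUT"); next}
                 inp && NF && $1 != "target" {print $1}')
    for chain in "$@"; do
        printf '%s\n' "$jumps" | grep -qxF -- "$chain" || printf '%s\n' "$chain"
    done
}

# Constructed log: format follows the thread's excerpt, one event per line,
# with a documentation address in place of the masked one.
sample_log() {
cat <<'EOF'
2016-04-06 08:53:21,731 fail2ban.actions        [3526]: NOTICE [sshd] Ban 192.0.2.10
2016-04-06 08:53:21,836 fail2ban.action         [3526]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- stdout: ''
2016-04-06 08:53:21,836 fail2ban.action         [3526]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]' -- returned 1
2016-04-06 08:53:21,836 fail2ban.CommandAction  [3526]: ERROR Invariant check failed. Trying to restore a sane environment
2016-04-06 08:53:25,843 fail2ban.action         [3526]: ERROR iptables -w -n -L INPUT | grep -q 'f2b-ssh[ \t]' -- returned 1
EOF
}

# Constructed listing: the flushed state shown in the thread.
sample_flushed() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Constructed listing: jumps present, as after `service fail2ban restart`.
sample_healthy() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-ssh    tcp  --  0.0.0.0/0            0.0.0.0/0 multiport dports 22
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0 multiport dports 22

Chain f2b-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

sample_log | f2b_failed_checks
sample_flushed | f2b_missing_jumps f2b-ssh f2b-sshd
```

On a live host the same functions take `f2b_failed_checks < /var/log/fail2ban.log` and `iptables -w -n -L | f2b_missing_jumps f2b-ssh f2b-sshd`; the earliest failed check bounds the time at which something other than fail2ban flushed the ruleset.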
