Using systemd I add the following line to the firewall startup:

    systemctl reload fail2ban.service &

I need the & for it to run asynchronously. It goes horribly wrong with my
distro's (ClearOS) firewall startup script if I run it inline and adds
rules twice. It may not be the neatest solution but works.

If you use sysinit(?), the following works:

    [ -e /run/fail2ban/fail2ban.pid ] && service fail2ban reload

Nick

On 09/11/2016 07:41, J Mo wrote:
> Thank you for your answer. I will make my firewall application look
> for a running instance of fail2ban and restart it upon reconfiguration.
>
> For the record, I found fail2ban's documentation to be very lacking
> after looking for an answer to this.
>
> On 11/08/2016 11:28 PM, Nick Howitt wrote:
>> Short answer, it simply breaks and needs to be reloaded.
>>
>> Long answer, have a look in your logs. The fail2ban log will have
>> failure messages each time it tries to apply a rule. Also have a look
>> at "iptables -nvL" where you will no longer see the f2b chains or the
>> INPUT rules branching to them, even after f2b tries and fails to add
>> a rule.
>>
>> Similarly, when f2b stops it generally flushes the f2b chains and rules,
>> but it also tries to unban the individual IPs from the previously
>> flushed chains and these fail. I did recently try to change the
>> actionunban rule to get it to check if the rule existed before deleting
>> the rule as an intellectual exercise but I failed as "iptables -C" still
>> returns an error which f2b logs. I could not be bothered to take it any
>> further and make the actionunban call an external script as all it would
>> do is tidy up the logs, rather than gain functionality.
>>
>> Nick
>>
>> On 09/11/2016 05:42, J Mo wrote:
>>> How does fail2ban behave when iptables rules are flushed? Does it need
>>> to be reloaded after such an event?
>>>
>>> What will happen when it tries to add or remove a rule in a chain which
>>> no longer exists? Are the chains recreated, or does fail2ban simply
>>> break?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
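
The check discussed in this thread, as an added example that is not from the thread or from the fail2ban project: it inspects `iptables -S` output for the f2b chains and the INPUT rules branching to them, and reloads fail2ban only when they are gone. The function names, the `--live` switch and the sample rulesets are constructed for illustration; it assumes chains are named `f2b-<jail>` and that `fail2ban-client status` prints a "Jail list:" line.

```shell
#!/bin/sh
# Added example (constructed): reload fail2ban only if a firewall restart
# removed its chains. Assumes chains are named f2b-<jail>.

# f2b_rules_intact RULES JAIL: RULES is `iptables -S` output. Succeeds only if
# chain f2b-JAIL exists and some INPUT rule still jumps to it.
f2b_rules_intact() {
    printf '%s\n' "$1" | awk -v c="f2b-$2" '
        $1 == "-N" && $2 == c { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++) if ($i == "-j" && $(i + 1) == c) jump = 1
        }
        END { exit !(chain && jump) }'
}

# broken_jails RULES JAIL...: print the jails whose rules are gone.
broken_jails() {
    rules=$1; shift
    for jail in "$@"; do
        f2b_rules_intact "$rules" "$jail" || echo "$jail"
    done
}

# Live use, called from the end of the firewall start script.
reload_if_flushed() {
    [ -e /run/fail2ban/fail2ban.pid ] || return 0   # fail2ban not running
    jails=$(fail2ban-client status | sed -n 's/.*Jail list:[[:space:]]*//p' | tr -d ',')
    # shellcheck disable=SC2086  # word splitting of $jails is intended
    broken=$(broken_jails "$(iptables -S)" $jails)
    [ -z "$broken" ] || service fail2ban reload
}

# Constructed `iptables -S` samples: before and after a firewall flush.
SAMPLE_OK='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'
SAMPLE_FLUSHED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

if [ "${1:-}" = "--live" ]; then
    reload_if_flushed
else
    echo "intact ruleset, broken jails:  [$(broken_jails "$SAMPLE_OK" sshd)]"
    echo "flushed ruleset, broken jails: [$(broken_jails "$SAMPLE_FLUSHED" sshd)]"
fi
```

Because the reload happens only when a chain or its INPUT jump is missing, running the check after every firewall start does not reload fail2ban against an intact ruleset.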