Hi all. I am trying to implement a custom ban action to integrate into my current iptables setup. I have created a dedicated chain in order to log connections at the iptables level, and I would like fail2ban to use it as well. AFAIK what I have so far should work; however, it keeps giving me errors in the logfile:
    2016-12-28 15:53:24,428 fail2ban.actions.action[19380]: ERROR iptables -n -L INPUT | grep -q 'BLOCKED_IP_LOG' returned 100
    2016-12-28 15:53:24,428 fail2ban.actions.action[19380]: ERROR Invariant check failed. Trying to restore a sane environment
    2016-12-28 15:53:24,431 fail2ban.actions.action[19380]: ERROR iptables -n -L INPUT | grep -q 'BLOCKED_IP_LOG' returned 100
    2016-12-28 15:53:24,431 fail2ban.actions.action[19380]: CRITICAL Unable to restore environment

I don't need actionstart/actionstop since the chain is created in the firewall script:

    /sbin/iptables -N BLOCKED_IP_LOG
    /sbin/iptables -A BLOCKED_IP_LOG -j LOG -m limit --limit 10/min --log-level 4 --log-prefix 'BLOCKED_IP_LOG: '
    /sbin/iptables -A BLOCKED_IP_LOG -j DROP

This is my custom action configuration (derived from iptables-multiport):

    root@hpsrv:/etc/fail2ban/action.d# cat iptables-custom.conf
    [INCLUDES]
    before = iptables-blocktype.conf

    [Definition]
    actionstart =
    actionstop =

    # Option:  actioncheck
    # Notes.:  command executed once before each actionban command
    # Values:  CMD
    #
    actioncheck = iptables -n -L <chain> | grep -q 'BLOCKED_IP_LOG'

    # Option:  actionban
    # Notes.:  command executed when banning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    See jail.conf(5) man page
    # Values:  CMD
    #
    actionban = iptables -I <chain> 1 -s <ip> -j BLOCKED_IP_LOG

    # Option:  actionunban
    # Notes.:  command executed when unbanning an IP. Take care that the
    #          command is executed with Fail2Ban user rights.
    # Tags:    See jail.conf(5) man page
    # Values:  CMD
    #
    actionunban = iptables -D <chain> -s <ip> -j BLOCKED_IP_LOG

    [Init]
    # Default name of the chain
    #
    name = default

    # Option:  port
    # Notes.:  specifies port to monitor
    # Values:  [ NUM | STRING ]  Default:
    #
    port = ssh

    # Option:  protocol
    # Notes.:  internally used by config reader for interpolations.
    # Values:  [ tcp | udp | icmp | all ] Default: tcp
    #
    protocol = tcp

    # Option:  chain
    # Notes.:  specifies the iptables chain to which the fail2ban rules should be
    #          added
    # Values:  STRING  Default: INPUT
    chain = INPUT

What am I doing wrong?

Thanks

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
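The actioncheck from the post, reproduced here as an added example (not the poster's code and not part of fail2ban) against constructed `iptables -n -L` listings, so the check can be exercised without a live firewall. The listings, the 192.0.2.10 address and the helper names are assumed sample data; the block shows that grepping the INPUT listing for the chain name only succeeds once a ban rule already jumps to it, whereas listing the custom chain itself matches as long as that chain exists.

```shell
#!/bin/sh
# Emulates fail2ban's actioncheck on constructed `iptables -n -L` output.
# No real iptables is touched; every listing below is constructed sample data.

# INPUT chain before any ban: BLOCKED_IP_LOG exists, but nothing in INPUT
# refers to it yet.
INPUT_BEFORE_BAN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# INPUT chain after actionban has inserted one rule for a banned address.
INPUT_AFTER_BAN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
BLOCKED_IP_LOG  all  --  192.0.2.10           0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# Listing of the custom chain itself (iptables -n -L BLOCKED_IP_LOG): the
# header line names the chain whether or not any ban rule points at it.
CHAIN_LISTING='Chain BLOCKED_IP_LOG (0 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "BLOCKED_IP_LOG: "
DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Same test the post's actioncheck performs: exit 0 only if the listing
# mentions the chain name anywhere. Arg 1: listing text.
listing_mentions_chain() {
    printf '%s\n' "$1" | grep -q 'BLOCKED_IP_LOG'
}

# Stricter check: exit 0 only when a rule jumping to BLOCKED_IP_LOG exists
# for the given source address. Assumes the default `iptables -n -L` column
# order (target, prot, opt, source, destination). Arg 1: listing, arg 2: IP.
ban_rule_present() {
    printf '%s\n' "$1" | awk -v ip="$2" \
        '$1 == "BLOCKED_IP_LOG" && $4 == ip { found = 1 } END { exit !found }'
}
```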