On Thu, Nov 16, 2017 at 05:04:50AM -0300, Robert Gilaard wrote:
Dear fail2ban Community,

On my Ubuntu server 16.04 instance fail2ban keeps crashing and restarting. In my iptables-multiport.conf file under actionstart I have a line to add an ip.blacklist file with fixed address that sshd or other services feed. The command is exactly:

cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I f2b-<name> 1 -s $ip -j DROP; done

However, my ip.blacklist file has now already 63169 different IP addresses. Can this be the reason fail2ban-client status asks me if fail2ban is running and ufw status verbose tells me "Another app is currently holding the xtables lock. Perhaps you want to use the -w option?"
If you're using ufw to manage your firewall, then you probably don't want to be using the iptables-* actions in fail2ban. Most firewall frontends maintain their own state of how the firewall should look and convert this into netfilter tables (either by calling the iptables cli or by interfacing directly with the kernel). If you have two different frontends controlling the firewall (ufw and iptables), then you'll probably hit issues with one not knowing about the rules the other has instated.
In other words, if you use ufw to manage your firewall, use the ufw action within fail2ban. This will allow fail2ban to tell ufw that you want to ban an IP and ufw will adjust its rules accordingly and apply that to the (kernel) firewall.
Other benefits of this approach? If you restart ufw while fail2ban is banning an IP, ufw will reinstate the ban because it knows you want it banned.
What can cause this?

Robert

Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
-- For more information, please reread.
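As a companion to the reply's advice to use the ufw action when ufw manages the firewall, the following added example (not part of the thread and not fail2ban's own code) lists the jail settings that still select an iptables-* action. The function name is hypothetical; it reads only literal `banaction`, `banaction_allports` and `action` lines in the jail files and does not inspect custom `actionstart` commands inside action.d files.

```shell
#!/bin/sh
# Added example: report fail2ban jail settings that still name an iptables-*
# action, so they can be switched to the ufw action on a ufw-managed host.
# Files are scanned in the order fail2ban reads them (later ones override):
#   jail.conf, jail.d/*.conf, jail.local, jail.d/*.local
# Limitation: only the first line of a setting is checked, and %(...)s
# interpolation is not resolved.
f2b_iptables_actions() {
    dir=${1:-/etc/fail2ban}
    for f in "$dir"/jail.conf "$dir"/jail.d/*.conf \
             "$dir"/jail.local "$dir"/jail.d/*.local; do
        # Unmatched globs stay literal and are skipped here.
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # Skip comment lines.
            /^[ \t]*[#;]/ { next }
            # Remember the current [section] name.
            /^[ \t]*\[/ {
                section = $0
                gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
                next
            }
            # Settings whose value starts with "iptables".
            /^[ \t]*(banaction|banaction_allports|action)[ \t]*=[ \t]*iptables/ {
                pos = index($0, "=")          # split at the first "=" only
                key = substr($0, 1, pos - 1)
                val = substr($0, pos + 1)
                gsub(/[ \t]/, "", key)
                sub(/^[ \t]+/, "", val)
                sub(/[ \t]+$/, "", val)
                printf "%s [%s] %s = %s\n", file, section, key, val
            }
        ' "$f"
    done
}

# Run against the live configuration with:
#   f2b_iptables_actions /etc/fail2ban
```

Each reported line is a candidate for `banaction = ufw` in jail.local, followed by a fail2ban restart.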