Re: [Fail2ban-users] already banned IP showing over and over in fail2ban.log, recidive not triggered?

Thu, 12 Mar 2020 08:58:25 -0700 

>
>
> > But there are those "already banned" warnings like the following, so why
> would the IP have access if it was
> > already?banned?
> >
> > 2020-03-11 11:14:38,796 fail2ban.actions? ? ? ? [1539290]: WARNING
> > [pam-generic] 150.136.217.144 already banned?
>
> Probably firewall is not configured properly. Fail2ban banned
> 150.136.217.144 and triggerd action to make firewall block this
> address before. But actually status of firewall didn't changed so it
> blocks this adress. Then inconsistency happend about blocking status
> between fail2ban and firewall.
>
> ---
> Yasuhiro KIMURA
>

Well the firewall is firewalld. And the status shows it's good. Below are
some other firewalld commands and ipset results.

systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
vendor preset: enabled)
   Active: active (running) since Sun 2020-02-02 02:22:56 EST; 1 months 8
days ago
     Docs: man:firewalld(1)
 Main PID: 1462547 (firewalld)
    Tasks: 3 (limit: 76733)
   Memory: 38.5M
      CPU: 27min 44.617s
   CGroup: /system.slice/firewalld.service
           └─1462547 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Warning: Journal has been rotated since unit was started. Log output is
incomplete or unavailable.

firewall-cmd --direct --get-all-rules
ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http,https -m set
--match-set f2b-nginx-botsearch src -j REJECT --reject-with
icmp-port-unreachable

ipset list
Name: f2b-sshd
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 21976
References: 0
Number of entries: 0
Members:

Name: f2b-pam-generic
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 10456
References: 0
Number of entries: 0
Members:

Name: f2b-apache-botsearch
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 9592
References: 0
Number of entries: 0
Members:
Name: f2b-apache-noscript
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 6328
References: 0
Number of entries: 0
Members:

Name: f2b-apache-auth
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 1144
References: 0
Number of entries: 0
Members:

Name: f2b-nginx-botsearch
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 568
References: 1
Number of entries: 0
Members:

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users






















					Reply via email to