What I am finding really odd is that there is essentially no difference between /etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf and /etc/fail2ban/action.d/iptables-ipset-proto6.conf, yet the second one works as I expected, without passing the bantime in the action line.

[root@dynamicvpn ~]# diff /etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf /etc/fail2ban/action.d/iptables-ipset-proto6.conf
14c14
< # modules which probably won't be protocol version 6.
---
> # modules.
30c30
<               <iptables> -I <chain> -m set --match-set <ipmset> src -j <blocktype>
---
>               <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>
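Review bot: the only functional difference in this hunk (mirrored by the actionstop hunk below) is that the allports variant drops `-p <protocol> -m multiport --dports <port>`, so its rule matches every protocol and port instead of the jail's ports; neither file differs in its `[Init]` bantime default or its actionban, so the timeout behaviour you see cannot be explained by this line, and the difference between the two jails has to lie in how each jail invokes the action (whether `bantime=` is passed in the action line, as the reply below shows).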
42c42
< actionstop = <iptables> -D <chain> -m set --match-set <ipmset> src -j <blocktype>
---
> actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -m set --match-set <ipmset> src -j <blocktype>

So why does one work and not the other?

Yours, truly puzzled.

On 27/05/2020 21:32, Nick Howitt wrote:
Brilliant. That works, thanks. I had tried the same with a space separator instead of a comma and f2b wouldn't load the jail.

I do find it odd that the normal way of specifying bantime does not work with this jail.

Nick

On 27/05/2020 21:09, Bill Shirley wrote:

My version: fail2ban-server-0.11.1-6.fc32.noarch

On your [sshd] jail, use:
action = iptables-ipset-proto6-allports[name=sshd,bantime=86400]

Look at /etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf for actionban:
actionban = ipset add <ipmset> <ip> timeout <bantime> -exist

[Init]
bantime = 600  <-- this default is used if not on the invocation line
ipmset = f2b-<name>

You pass the <arguments> in the invocation [...,bantime=86400].  <ipmset> is created in the [Init] section with the ipmset =
from the passed <name> argument.  Fail2ban supplies <ip>.

Bill
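
Bill's explanation of how the action line is resolved (arguments in the invocation override the [Init] defaults, `ipmset = f2b-<name>` is a tag that refers to another tag, and fail2ban supplies `<ip>`) as a small Python model. This is an added illustration, not fail2ban's own parser; the action name, the `[k=v,k2=v2]` syntax and the two quoted templates come from the messages above, the sample IP address is constructed.

```python
"""Model of how a fail2ban action line becomes the ipset command it runs.

Added illustration, not fail2ban code: real fail2ban knows many more tags
and substitution rules, only the ones discussed in the thread are modelled.
"""
import re

# [Init] defaults as quoted from iptables-ipset-proto6-allports.conf.
INIT_DEFAULTS = {"bantime": "600", "ipmset": "f2b-<name>"}
# actionban template as quoted from the same file.
ACTIONBAN = "ipset add <ipmset> <ip> timeout <bantime> -exist"

_ACTION_LINE = re.compile(r"^(?P<action>[\w.-]+)(?:\[(?P<args>.*)\])?$")
_TAG = re.compile(r"<([\w-]+)>")


def parse_action_line(line: str) -> tuple:
    """Split 'name[k=v,k2=v2]' into the action name and an argument dict."""
    m = _ACTION_LINE.match(line.strip())
    if not m:
        raise ValueError(f"malformed action line: {line!r}")
    args = {}
    if m.group("args"):
        for item in m.group("args").split(","):
            key, sep, value = item.partition("=")
            if not sep or not key.strip():
                raise ValueError(f"bad argument {item!r} (expected key=value)")
            args[key.strip()] = value.strip()
    return m.group("action"), args


def render(template: str, tags: dict, max_passes: int = 10) -> str:
    """Replace <tag> references, repeating so that nested tags such as
    ipmset = f2b-<name> resolve; raise if any tag stays unresolved."""
    for _ in range(max_passes):
        new = _TAG.sub(lambda m: tags.get(m.group(1), m.group(0)), template)
        if new == template:
            break
        template = new
    left = _TAG.findall(template)
    if left:
        raise KeyError(f"unresolved tags: {left}")
    return template


def actionban_command(action_line: str, ip: str) -> str:
    """Effective ban command: [Init] defaults, overridden by the invocation
    arguments, plus the <ip> fail2ban supplies at ban time."""
    _, args = parse_action_line(action_line)
    tags = {**INIT_DEFAULTS, **args, "ip": ip}
    return render(ACTIONBAN, tags)
```

With `[name=sshd]` alone the model yields `timeout 600`, which is the value seen in the ipset header; adding `bantime=86400` to the action line changes the rendered command, while the jail's own `bantime` line never reaches the template.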

On 5/27/2020 11:41 AM, Nick Howitt wrote:
Hello Bill,
The countdown is working correctly but from 600 which is the "bantime" setting in iptables-ipset-proto6-allports.conf. I am wanting to override it on a per-jail basis, in this example to 86400. It seems that iptables-ipset-proto6-allports.conf does not use the override. I can override it in iptables-ipset-proto6-allports.local, but this is an override for all jails using this action.
Do you know how to achieve this?
Thanks,
Nick

On 27/05/2020 14:11, Bill Shirley wrote:

Header: family inet hashsize 1024 maxelem 65536 timeout 600
Timeout here is the *default* timeout.  Look at the actual entry.  It should be counting down
between the two ipset commands.

ipset -L | grep -e Name -e 8.8.8.8
Where 8.8.8.8 is the actual IP address.

Bill

On 5/26/2020 9:52 AM, Nick Howitt wrote:
I've just noticed that the sshd jail is not using the bantime set in a configlet in /etc/fail2ban/jail.d:
[sshd]
enabled = true
bantime  = 86400
action = iptables-ipset-proto6-allports[name=sshd]

[root@dynamicvpn ~]# ipset list f2b-sshd -terse
Name: f2b-sshd
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Size in memory: 13368
References: 1
Number of entries: 144

I can see there is a timeout in iptables-ipset-proto6-allports.conf, but changing this, e.g., with a .local file, changes it for all jails. Is it possible to set the timeout for this action on a per-jail basis?

I'm using f2b 0.10.5.



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users