On 08/05/2021 19:03, Dan Egli wrote:
Okay, something is up here. I'm still getting hammered by these idiots who are querying pizzaseo.com from my name server. So I looked at the list of banned IPs using iptables-save. Not that many. But when I was working on this I had a kludge script that would be run every 10 minutes, grep the logs, and insert an IPTables rule against anyone who was querying that domain. It also kept a list. That list is nearly 400 IPs long! So I was curious. I look at fail2ban.log. It's noticing everything okay, but it keeps saying the hosts are already banned. They are not. So how do I fix this? Here's an example of what I mean:

# grep -c 2.169.102.71 /var/log/named/named.log
6029

# iptables-save | grep 2.169.102.71
<nothing>

# grep 2.169.102.71 /var/log/fail2ban.log | grep -c already
1454

I don't know if f2b's database is screwed up or what. I tried using fail2ban-client unban 2.169.102.71 to see if by unbanning it f2b would re-add it to the database. But it doesn't happen. I've never tried an unban before, so I don't know what the normal output is, but all I see is a 1 by itself, with a return code of 0.

I can go back to my kludge script for now, but I'd really like to get f2b working!

So what does the f2b log show? Perhaps try restarting it and watch for errors. If the IP is showing banned in the logs, what does the firewall show?



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
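
The comparison the reply asks for (what fail2ban.log reports as banned versus what the firewall actually holds), as an added example that is not part of the original thread. The function name, the jail and chain name `named-refused`, and every sample line are constructed; only the address 2.169.102.71 comes from the post.

```sh
#!/bin/sh
# Added example: list IPs that fail2ban.log calls "already banned" but that
# have no "-s <ip>" rule in an iptables-save dump.
# Real use (paths are assumptions):
#   iptables-save > /tmp/rules.v4
#   missing_bans /var/log/fail2ban.log /tmp/rules.v4

# missing_bans F2B_LOG IPTABLES_DUMP -> prints "count ip", busiest first
missing_bans() {
    awk '
        # First file (iptables-save dump): remember every source address.
        FILENAME == ARGV[1] {
            for (i = 1; i < NF; i++)
                if ($i == "-s") { split($(i + 1), a, "/"); fw[a[1]] = 1 }
            next
        }
        # Second file (fail2ban.log): "... NOTICE [jail] <ip> already banned"
        / already banned$/ { seen[$(NF - 2)]++ }
        END {
            for (ip in seen)
                if (!(ip in fw)) print seen[ip], ip
        }
    ' "$2" "$1" | sort -rn
}

# Constructed sample data, written to a temporary directory.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/fail2ban.log" <<'EOF'
2021-05-08 18:50:01,101 fail2ban.actions [812]: NOTICE [named-refused] 2.169.102.71 already banned
2021-05-08 18:50:02,310 fail2ban.actions [812]: NOTICE [named-refused] 2.169.102.71 already banned
2021-05-08 18:50:03,007 fail2ban.actions [812]: NOTICE [named-refused] 192.0.2.10 already banned
2021-05-08 18:50:04,555 fail2ban.actions [812]: NOTICE [named-refused] Ban 198.51.100.7
EOF
    cat > "$dir/rules.v4" <<'EOF'
*filter
-A INPUT -p udp -m udp --dport 53 -j f2b-named-refused
-A f2b-named-refused -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-named-refused -j RETURN
COMMIT
EOF
    missing_bans "$dir/fail2ban.log" "$dir/rules.v4"
    rm -rf "$dir"
}

demo   # prints: 2 2.169.102.71
```

This assumes an iptables banaction that inserts one `-s <ip>` rule per ban. With an ipset or nftables banaction the banned addresses never appear in iptables-save output, so an empty grep there does not by itself mean the ban is missing.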
