Okay, something is up here. I'm still getting hammered by these idiots who are querying pizzaseo.com from my name server. So I looked at the list of banned IPs using iptables-save. Not that many. But when I was working on this I had a kludge script that would be run every 10 minutes, grep the logs, and insert an IPTables rule against anyone who was querying that domain. It also kept a list. That list is nearly 400 IPs long! So I was curious. I look at fail2ban.log. It's noticing everything okay, but it keeps saying the hosts are already banned. They are not. So how do I fix this? Here's an example of what I mean:

# grep -c 2.169.102.71 /var/log/named/named.log
6029

# iptables-save | grep 2.169.102.71
<nothing>

# grep 2.169.102.71 /var/log/fail2ban.log | grep -c already
1454

I don't know if f2b's database is screwed up or what. I tried using fail2ban-client unban 2.169.102.71 to see if by unbanning it f2b would re-add it to the database. But it doesn't happen. I've never tried an unban before, so I don't know what the normal output is, but all I see is a 1 by itself, with a return code of 0.

I can go back to my kludge script for now, but I'd really like to get f2b working!


--
Dan Egli
From my Test Server

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
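
The three greps in the message above can be generalized into one reconciliation pass. This is an added example, not part of the original post or of fail2ban: it lists every address fail2ban.log reports as "already banned" that no `-s` rule in `iptables-save` output covers. It assumes the jail's action inserts one `-s` rule per ban, and the jail name, log line layout and every address except 2.169.102.71 are constructed sample values.

```python
import ipaddress
import re
from collections import Counter

# Assumed log shape: "... NOTICE  [<jail>] <ip> already banned"
ALREADY = re.compile(r"\[(?P<jail>[^\]]+)\]\s+(?P<ip>\S+) already banned")
# Assumed rule shape: "-A <chain> -s <addr>[/<len>] ... -j <target>"
SOURCE = re.compile(r"^-A\s+\S+\s(?:.*\s)?-s\s+(?P<src>\S+)")

def already_banned(log_lines):
    """Count 'already banned' notices per (jail, ip)."""
    hits = Counter()
    for line in log_lines:
        m = ALREADY.search(line)
        if m:
            hits[(m["jail"], m["ip"])] += 1
    return hits

def firewall_sources(save_lines):
    """Collect every -s source in iptables-save output as a network."""
    nets = []
    for line in save_lines:
        m = SOURCE.match(line)
        if m:
            nets.append(ipaddress.ip_network(m["src"], strict=False))
    return nets

def phantom_bans(log_lines, save_lines):
    """Return {(jail, ip): count} for IPs logged as already banned that
    no -s rule (exact address or covering CIDR) matches."""
    nets = firewall_sources(save_lines)
    return {(jail, ip): n
            for (jail, ip), n in already_banned(log_lines).items()
            if not any(ipaddress.ip_address(ip) in net for net in nets)}

# Constructed sample data; only 2.169.102.71 comes from the post.
PFX = "2021-03-01 10:00:01,123 fail2ban.actions [812]: NOTICE  [named-refused] "
SAMPLE_LOG = [PFX + "2.169.102.71 already banned",
              PFX + "Ban 198.51.100.7",
              PFX + "198.51.100.7 already banned",
              PFX + "203.0.113.9 already banned",
              PFX + "2.169.102.71 already banned"]
SAMPLE_SAVE = ["*filter", ":f2b-named-refused - [0:0]",
               "-A INPUT -p udp -m udp --dport 53 -j f2b-named-refused",
               "-A f2b-named-refused -s 198.51.100.7/32 -j REJECT",
               "-A f2b-named-refused -s 203.0.113.0/24 -j REJECT",
               "-A f2b-named-refused -j RETURN", "COMMIT"]

if __name__ == "__main__":
    for (jail, ip), n in sorted(phantom_bans(SAMPLE_LOG, SAMPLE_SAVE).items()):
        print(f"{jail}\t{ip}\t{n} 'already banned' notices, no matching rule")
```

Parsing the `-s` field as a network avoids two pitfalls of a plain `grep` for the address: dots in the pattern match any character, and a ban held by a wider CIDR rule would be reported as missing.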