On 16/07/2021 03:06, Alex wrote:
Hi,

I'm trying to use fail2ban with iptables because it's what I'm most
comfortable using and this is on a real server with an extensive list
of rules, not a home desktop.

I have the following in my jail.d/00-firewalld.conf:
banaction = iptables
banaction_allports = iptables[type=allports]

On restarting fail2ban, it produces the following errors:

2021-07-15 22:01:50,070 fail2ban.actions        [2047644]: NOTICE
[postfix] Ban 212.70.149.71
2021-07-15 22:01:50,088 fail2ban.utils          [2047644]: ERROR
7fad2804c3f0 -- exec: iptables -w -N f2b-postfix iptables -w -A
f2b-postfix -j RETURN
iptables -w -I INPUT -p tcp --dport smtp,465,submission -j f2b-postfix
2021-07-15 22:01:50,088 fail2ban.utils          [2047644]: ERROR
7fad2804c3f0 -- stderr: "iptables v1.8.5 (legacy): invalid
port/service `smtp,465,submission' specified"
2021-07-15 22:01:50,089 fail2ban.utils          [2047644]: ERROR
7fad2804c3f0 -- stderr: "Try `iptables -h' or 'iptables --help' for
more information."
2021-07-15 22:01:50,089 fail2ban.utils          [2047644]: ERROR
7fad2804c3f0 -- returned 2
2021-07-15 22:01:50,089 fail2ban.actions        [2047644]: ERROR
Failed to execute ban jail 'postfix' action 'iptables' info
'ActionInfo({'ip': '212.70.149.71', 'family': 'inet4', 'fid':
<function Actions.ActionInfo.<lambda> at 0x7fad28111280>,
'raw-ticket': <function Actions.ActionInfo.<lambda> at
0x7fad28111940>})': Error starting action Jail('postfix')/iptables:
'Script error'
2021-07-15 22:01:50,110 fail2ban.actions        [2047644]: NOTICE
[postfix-sasl] Ban 24.249.23.200
2021-07-15 22:01:50,125 fail2ban.utils          [2047644]: ERROR
7fad0c362e30 -- exec: iptables -w -N f2b-postfix-sasl

This is with the default postfix.conf. Here are my jail.conf settings:

[postfix]
# To use another modes set filter parameter "mode" in jail.local:
mode = aggressive
#mode    = more
port    = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 3
findtime = 24h
bantime  = 1h
enabled = true

[postfix-rbl]
filter   = postfix[mode=rbl]
port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
maxretry = 3
findtime = 24h
bantime = 1h
enabled = true

What am I doing wrong? Is fail2ban no longer capable of supporting iptables?

fail2ban definitely still supports iptables. Did you lose file /etc/services (which defines the port names)? Or try googling 'iptables invalid port/service'.


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
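
Added example, not part of the original thread or of fail2ban: a Python check of the two things that can make iptables reject the `--dport smtp,465,submission` argument shown in the log above, namely a service name that does not resolve (the /etc/services question raised in the reply) and a comma-separated list passed without the multiport match. The function names and the sample services excerpt are constructed for illustration.

```python
# Constructed excerpt in /etc/services format: name, port/proto, aliases.
SAMPLE_SERVICES = """\
smtp            25/tcp          mail
submission      587/tcp         msa
# comment line
domain          53/udp
"""


def load_services(text, proto="tcp"):
    """Map service names and aliases to port numbers for one protocol."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, line_proto = fields[1].split("/", 1)
        if line_proto == proto and port.isdigit():
            for name in [fields[0]] + fields[2:]:
                names.setdefault(name, int(port))
    return names


def check_dport(spec, services, multiport=False):
    """Return the reasons iptables would reject `--dport spec`.

    Without `-m multiport`, --dport takes one port or one first:last range;
    a comma-separated list is only valid with the multiport match.
    """
    problems = []
    items = spec.split(",")
    if len(items) > 1 and not multiport:
        problems.append("comma-separated list needs -m multiport --dports")
    for item in items:
        for part in item.split(":"):
            if not part:
                continue  # open-ended range such as ":1024"
            if part.isdigit():
                if int(part) > 65535:
                    problems.append(f"port out of range: {part}")
            elif part not in services:
                problems.append(f"unknown service name: {part}")
    return problems


if __name__ == "__main__":
    services = load_services(SAMPLE_SERVICES)
    print(check_dport("smtp,465,submission", services))
```

The exec line in the log carries no `-m multiport`, so the comma-list case is reported for that port spec even when every name resolves; fail2ban ships an `iptables-multiport` action for jails that list several ports.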
