Hi guys

I run off CentOS 9 and have noticed a weird "misbehavior", and I wonder if you guys could confirm you have seen it too and/or perhaps would try to reproduce it.

I don't know the inner workings of f2b and don't know the code, so I cannot say when, or under what circumstances, f2b creates the 'table', but..

I've noticed that there is no table after f2b started, which should be:

table ip filter

and perhaps f2b creates that table(s) only after it has noticed the very first dodgy activity (whatever we told f2b such things should be), also...

the system f2b runs on had no 'bans' in the past - think of it as a first f2b run/start.

So, I have f2b up & running and now - the part I think is critical to reproduce - I add an iface (literally attach a physical NIC) from/via which (public-facing connection) that dodgy activity will start to appear in the system/logs - again, f2b was already running.

Now, I see in 'sshd' - as an example - that failures start to get logged but - still no !! action on/from f2b: still no 'nft' table, nor does 'fail2ban-client' report anything.

I have to (for this "issue") restart 'fail2ban.service' _manually_ to get f2b to (immediately) notice those illegal activities, and then f2b creates the 'nft' bits, that table, too.

This will qualify as a fundamental flaw/hole, if it can be confirmed.

I unfortunately have no means to reproduce this in an earlier version of CentOS vs CentOS 9 - to tell if this is f2b regardless of platforms and versions.

Looking forward to hearing your findings & thoughts.

many thanks, L.



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
