Perhaps a silly question but can "actioncheck" be modified to reload
f2b (therefore recreate the chain) if the check fails or is the risk
of a restart loop too high? I don't need to do it as I've got round
the issue but I'm thinking more for the others.
Nick
What I've found on my system (ClearOS) is, from the way the system is
implemented, that a firewall restart can happen for all sorts of
reasons. When it happens all f2b rules and chains get wiped. Clearly at
this point, if f2b tries to add a block it will fail.
To get round this I had to add a "
Hi,
You have firewall rules disappearing out of the blue, and you also have
fail2ban chains missing out of the blue (see error log below).
Seems to be you need to look for a third process meddling with your
firewall; both f2b and your loadbalancer rules are ruined by some
other process.
Re
Hello Bill,
there is no Load-Balancer on the machine. The machine is a simple
webnode, where a loadbalancer sends requests to, which are then answered
by the node - directly to the requesting client.
This is done by simple iptables rules:
root@xxx:/etc/network/if-pre-up.d# iptables -L -t nat
As far as I know, fail2ban never "reloads" the firewall rules. fail2ban just
manages its chains. Perhaps there's something
in the "load-balancer" doing this.
You should list your action rules and jail.
-> I have a startup script that sets the firewall NAT rules on every startup
of the system
My method, via /etc/clearos/firewall.d/local or a special file in the
same folder, is not applicable to you. You'd need feedback from an Ubuntu
user who knows where their firewall (re)starts from.
On 2016-04-07 13:34, Alexander R. Gruber wrote:
> My iptables seems to accept the -w (--wait) switch,
My iptables seems to accept the -w (--wait) switch, so that should not
be a problem.
I've added my firewall rules to the /etc/network/if-pre-up.d/ directory
- to be exact I've done this:
#!/bin/sh
/etc/init.d/firewall-n1 start
Which is the script to set up the NAT rules for the loadbalancing.
M
I seem to think your version of iptables may support the -w switch. Try
a full command. If it does not, I can't remember where in the f2b
actions to make the change. It is one of the default settings. I may be
able to find out when I get home.
For firewall restarting, all sorts of things could
Hello Nick!
# iptables -V
iptables v1.4.21
# iptables -w
iptables v1.4.21: no command specified
Try `iptables -h' or 'iptables --help' for more information.
What you said before - that the firewall rules need to be loaded at
every start/restart of the firewall itself, not only on system start
a
What version of iptables are you running? My version (I can't check at
the moment) and any el6 derivative does not support the -w switch so it
needs to be removed from the f2b configs.
Nick
On 2016-04-07 12:50, Alexander R. Gruber wrote:
> Sorry for replying to myself, but I found a lot of erro
Are you sure your setup is correct? If you always want firewall rules
to be loaded, they need to be loaded on firewall (re)start and not on
system start.
Nick
On 2016-04-07 12:33, Alexander R. Gruber wrote:
> Thank you Steve, for your answer.
>
> To your questions:
>
>> How do you have the lo
Sorry for replying to myself, but I found a lot of errors in the log
that might have to do with the problem at hand:
2016-04-06 08:53:19,351 fail2ban.filter [3526]: INFO[ssh] Found
146.0.77.xxx
2016-04-06 08:53:19,352 fail2ban.filter [3526]: INFO[sshd] Found
146.0.77.x
Thank you Steve, for your answer.
To your questions:
> How do you have the load balanced rules set? are they persistent in a
> file that is always run from server start up?
-> I have a startup script that sets the firewall NAT rules on every startup
of the system in RC4.
Every few hours f2b r
By design, f2b (when restarting) unblocks all blocked IP addresses
within its own DB, then removes the f2b chains from iptables. It then
starts up, creating the chains and re-adding the IPs that are within the
selected time scale of bans.
It does not remove anything other than its own chains i
Hello,
I've installed fail2ban on my webserver nodes, which sit behind a
Loadbalancer.
System is Ubuntu 14.04, fail2ban is version v0.9.4
I noticed that fail2ban seems to "recover" from time to time, reloading
firewall rules from some persistent database.
The problem: When this happens, the NA