On Fri, 21 Apr 2017, cont...@rudloff.pro wrote:

> Package: fail2ban
> Version: 0.8.13-1
> Severity: important

> Dear Maintainer,

> When trying to use fail2ban with the default config (only the ssh jail
> enabled),
> it does not seem to be able to ban IPs because of iptables errors:

> 2017-04-21 15:06:08,768 fail2ban.jail [26836]: INFO Creating new jail 'ssh'
> 2017-04-21 15:06:08,772 fail2ban.jail [26836]: INFO Jail 'ssh' uses poller
> 2017-04-21 15:06:08,926 fail2ban.jail [26836]: INFO Initiated 'polling' backend
> 2017-04-21 15:06:08,935 fail2ban.filter [26836]: INFO Added logfile = /var/log/auth.log
> 2017-04-21 15:06:08,940 fail2ban.filter [26836]: INFO Set maxRetry = 6
> 2017-04-21 15:06:08,951 fail2ban.filter [26836]: INFO Set findtime = 600
> 2017-04-21 15:06:08,956 fail2ban.actions[26836]: INFO Set banTime = 600
> 2017-04-21 15:06:09,343 fail2ban.jail [26836]: INFO Jail 'ssh' started
> 2017-04-21 15:06:09,439 fail2ban.actions.action[26836]: ERROR iptables -N fail2ban-ssh
> iptables -A fail2ban-ssh -j RETURN
> iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100

> If I run the commands manually, I get this:

> pierre@BMO ~> sudo iptables -N fail2ban-ssh
> iptables: Chain already exists.

so you have the chain already... from the amount of information provided I
cannot guess whether it is a misinteraction with the firewall or a
misconfiguration (although you said that it is the default configuration) or
something else... sorry

try to stop fail2ban, cleanse all the fail2ban entries from the firewall and
try to start it again -- if it fails to start then -- provide the full log file
for that run, not just an excerpt

--
Yaroslav O. Halchenko
Center for Open Neuroscience     http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik
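
One way to carry out the "cleanse all the fail2ban entries" step from the reply above, as an added example that is not part of the original message or of fail2ban itself: a dry-run helper that reads `iptables -S` output and prints the commands that would remove leftover `fail2ban-*` chains. The function name `f2b_cleanup_cmds` and the sample ruleset are constructed for illustration; it assumes the chains use the `fail2ban-` prefix seen in the log.

```sh
#!/bin/sh
# Constructed sample of `iptables -S` output left behind by an earlier run
# (illustrative only, not taken from the bug report).
SAMPLE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN'

# f2b_cleanup_cmds (hypothetical helper): reads `iptables -S` rules on stdin
# and prints, without executing anything, the commands that remove them.
# Order matters: a chain can only be deleted (-X) once nothing jumps to it
# and it has been flushed (-F).
f2b_cleanup_cmds() {
    awk '
        # A rule that jumps into a fail2ban chain: rewrite -A as -D.
        $1 == "-A" && $0 ~ /-j fail2ban-[^ ]+$/ {
            sub(/^-A /, "-D ")
            jumps[++nj] = $0
            next
        }
        # A fail2ban chain declaration: remember it for flush and delete.
        $1 == "-N" && $2 ~ /^fail2ban-/ { chains[++nc] = $2 }
        END {
            for (i = 1; i <= nj; i++) print "iptables " jumps[i]
            for (i = 1; i <= nc; i++) {
                print "iptables -F " chains[i]
                print "iptables -X " chains[i]
            }
        }
    '
}

# Dry run on the constructed sample. On a real host, with fail2ban stopped,
# the input would come from:  iptables -S | f2b_cleanup_cmds
printf '%s\n' "$SAMPLE" | f2b_cleanup_cmds
```

Review the printed commands before running them as root; unrelated rules and chains are left untouched because only lines naming a `fail2ban-` chain are matched.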