Bug#860896: fail2ban: iptables returned 100

Thu, 11 May 2017 01:40:03 -0700 

Hello,

Le 11/05/2017 à 03:44, Yaroslav Halchenko a écrit :

try to stop fail2ban, cleanse all the fail2ban entries from the firewall
and try to start it again -- if it fails to start then -- provide full
log file for that run not just an excerpt


I already tried that several times.

When stopping fail2ban, it seems to correctly remove fail2ban-ssh chain 
from iptables and here are the things remaining:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Here are the full logs I get when I start fail2ban after that:

2017-05-11 10:16:32,533 fail2ban.server [13737]: INFO    Changed logging target 
to /var/log/fail2ban.log for Fail2ban v0.8.13
2017-05-11 10:16:32,538 fail2ban.jail   [13737]: INFO    Creating new jail 'ssh'
2017-05-11 10:16:32,543 fail2ban.jail   [13737]: INFO    Jail 'ssh' uses poller
2017-05-11 10:16:32,712 fail2ban.jail   [13737]: INFO    Initiated 'polling' 
backend
2017-05-11 10:16:32,721 fail2ban.filter [13737]: INFO    Added logfile = 
/var/log/auth.log
2017-05-11 10:16:32,726 fail2ban.filter [13737]: INFO    Set maxRetry = 6
2017-05-11 10:16:32,737 fail2ban.filter [13737]: INFO    Set findtime = 600
2017-05-11 10:16:32,742 fail2ban.actions[13737]: INFO    Set banTime = 600
2017-05-11 10:16:33,114 fail2ban.jail   [13737]: INFO    Jail 'ssh' started
2017-05-11 10:16:33,224 fail2ban.actions.action[13737]: ERROR   iptables -N 
fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100


And here is my iptables after that:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere



If I leave it running I get iptables errors again when it tries to ban 
an IP address:

2017-05-11 08:51:53,412 fail2ban.actions[2277]: WARNING [ssh] Ban 
217.197.240.117
2017-05-11 08:51:53,430 fail2ban.actions.action[2277]: ERROR   iptables -n -L 
INPUT | grep -q 'fail2ban-ssh[ \t]' returned 100
2017-05-11 08:51:53,431 fail2ban.actions.action[2277]: ERROR   Invariant check 
failed. Trying to restore a sane environment
2017-05-11 08:51:53,504 fail2ban.actions.action[2277]: ERROR   iptables -N 
fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100



I tried purging the package to be sure I use the default configuration 
but I still get the same errors.


Regards,























					Reply via email to