Hello again, I now have version 0.9.7 installed but not actually working very well. On the previous installation, I had needed to butcher some of the regular expressions so that they would be triggered. With the arrival of 0.9.7, the stock expressions are back, and they are not catching as much.
Also, the changes have not prevented the failure to stop nicely:- ---%<--- [Gentoo] graham@kevin $ sudo -v && time ( sudo /etc/init.d/shorewall restart && sudo /etc/init.d/fail2ban restart ) Password for graham@kevin: * Stopping shorewall ... [ ok ] * Starting shorewall ... [ ok ] * Stopping fail2ban ... * start-stop-daemon: 1 process refused to stop * Failed to stop fail2ban [ !! ] * ERROR: fail2ban failed to stop real 1m2.495s user 0m35.794s sys 0m10.741s load 74.46% Wed Aug 16 01:52:40 --->%--- You may like to have a look at a bug report for Gentoo on what I think is the same topic:- https://bugs.gentoo.org/show_bug.cgi?id=618138 I incorporated the change suggested there into the service script on my computer, and restarted the service. While a single instance is not a representative sample, I see that the command takes longer but runs cleanly:- ---%<--- [Gentoo] graham@kevin $ sudo -v && time sudo /etc/init.d/fail2ban restart Password for graham@kevin: * Stopping fail2ban ... [ ok ] * Starting fail2ban ... 2017-08-16 15:47:54,088 fail2ban.server [23071]: INFO Starting Fail2ban v0.9.7 2017-08-16 15:47:54,098 fail2ban.server [23071]: INFO Starting in daemon mode [ ok ] real 1m12.196s user 0m37.613s sys 0m2.371s load 55.38% Wed Aug 16 15:48:20 / --->%--- Thanks, Graham On 10 August 2017 at 03:55, Brian Flaherty <b...@yahoo.com> wrote: > Thanks for bumping this. I am not sure what package should fix this, but I > don't think it is an error in fail2ban, I think the problem is that systemd > doesn't start shorewall before fail2ban, so the firewall structure is not > running yet. I've "fixed" the problem by adding > > shorewall.service > > to the After line in the fail2ban.service file in /lib/systemd/system. > > > /lib/systemd/system# cat fail2ban.service > [Unit] > Description=Fail2Ban Service > Documentation=man:fail2ban(1) > After=network.target iptables.service firewalld.service shorewall.service > PartOf=iptables.service firewalld.service > > [Service] > Type=forking > ExecStart=/usr/bin/fail2ban-client -x start > ExecStop=/usr/bin/fail2ban-client stop > ExecReload=/usr/bin/fail2ban-client reload > PIDFile=/var/run/fail2ban/fail2ban.pid > Restart=always > > [Install] > WantedBy=multi-user.target > > > I have to redo it every time fail2ban is upgraded. > > Brian > > >
