On 06/10/2015 05:55 AM, Gregory Machin wrote: > Hi. [snip]
> I get the following errors when I use banaction = firewallcmd-ipset > > 2015-06-10 11:24:07,944 fail2ban.action [26480]: ERROR ipset create > fail2ban-recidive hash:ip timeout 604800 > firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p all -m multiport > --dports all -m set --match-set fail2ban-recidive src -j REJECT --reject-with > icmp-port-unreachable -- stdout: "\x1b[91mError: COMMAND_FAILED: > '/sbin/iptables -t filter -I INPUT_direct 16 -p all -m multiport --dports all > -m set --match-set fail2ban-recidive src -j REJECT --reject-with > icmp-port-unreachable' failed: iptables v1.4.21: multiport needs `-p tcp', > `-p udp', `-p udplite', `-p sctp' or `-p dccp'\nTry `iptables -h' or > 'iptables --help' for more information.\x1b[00m\nFailed to apply rules. A > firewall reload might solve the issue if the firewall has been modified using > ip*tables or ebtables.\n" > 2015-06-10 11:24:07,945 fail2ban.action [26480]: ERROR ipset create > fail2ban-recidive hash:ip timeout 604800 > firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p all -m multiport > --dports all -m set --match-set fail2ban-recidive src -j REJECT --reject-with > icmp-port-unreachable -- stderr: '' > 2015-06-10 11:24:07,951 fail2ban.action [26480]: ERROR ipset create > fail2ban-recidive hash:ip timeout 604800 > firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p all -m multiport > --dports all -m set --match-set fail2ban-recidive src -j REJECT --reject-with > icmp-port-unreachable -- returned 13 > 2015-06-10 11:24:07,952 fail2ban.actions [26480]: ERROR Failed to > start jail 'recidive' action 'firewallcmd-ipset': Error starting action > > When I use banaction = firewallcmd-new most of the jails cause similar > errors. > > Can some advise where the issue may be ? Did you install ipset? Can you provide the output of "ipset --version"? > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
