On Wed, 2015-08-05 at 09:51 -0500, Harrison Johnson wrote:
> Tom,
> The only thing I see is you have in sendmail-iptables enable = true
> and it should be enabled = true.
>
> On Wed, 2015-08-05 at 15:52 +1000, Tom Robinson wrote:
>
> > Hi All,
> >
> > I hope someone can help and that it's just a simple oversight on my part.
> > I've been looking at this
> > for too long now to see things clearly.
> >
> > Today I installed fail2ban on CentOS 6 and got the rpm for fail2ban from
> > EPEL (0.9.2).
> >
> > My first jail was configured easily (SSH) and was working really well
> > blocking with a additional
> > custom regex in /etc/fail2ban/filter.d/sshd.conf:
> >
> > ^%(__prefix_line)sReceived disconnect from <HOST>: 11: Bye Bye\s*$
> >
> > On the back of such success I decided to add another jail for sendmail.
> >
> > Arrgh! The sendmail-iptables jail just won't load! I have gone over the
> > config again and again. :-(
> > Maybe someone here has a clue?
> >
> > Here's what I get after server startup:
> >
> > # fail2ban-client status sendmail-iptables
> > ERROR NOK: ('sendmail-iptables',)
> > Sorry but the jail 'sendmail-iptables' does not exist
> >
> > And my jail.local:
> >
> > # cat jail.local
> > [sendmail-iptables]
> > enable = true
> > filter = sendmail-reject
> > action = iptables-multiport-log[name=SENDMAIL,
> > port="smtps,smtp,submission", protocol=tcp]
> > sendmail-whois[name=SENDMAIL, dest=root, sender=email@mydomain]
> > logpath = %(syslog_mail)s
> > maxretry = 5
> >
> > [ssh-iptables]
> > enabled = true
> > filter = sshd
> > action = iptables[name=SSH, port=ssh, protocol=tcp]
> > sendmail-whois[name=SSH, dest=root, sender=email@mydomain]
> > logpath = %(syslog_authpriv)s
> > maxretry = 5
> >
> > And the status, etc...
> >
> > # fail2ban-client status
> > Status
> > |- Number of jail: 1
> > `- Jail list: ssh-iptables
> >
> > # fail2ban-client status ssh-iptables
> > Status for the jail: ssh-iptables
> > |- Filter
> > | |- Currently failed: 0
> > | |- Total failed: 0
> > | `- File list: /var/log/secure
> > `- Actions
> > |- Currently banned: 0
> > |- Total banned: 0
> > `- Banned IP list:
> >
> > Now, when I add sendmail-iptables manually all seems well:
> >
> > # fail2ban-client add sendmail-iptables
> > Added jail sendmail-iptables
> > # fail2ban-client status
> > Status
> > |- Number of jail: 2
> > `- Jail list: sendmail-iptables, ssh-iptables
> >
> > # fail2ban-client status sendmail-iptables
> > Status for the jail: sendmail-iptables
> > |- Filter
> > | |- Currently failed: 0
> > | |- Total failed: 0
> > | `- File list:
> > `- Actions
> > |- Currently banned: 0
> > |- Total banned: 0
> > `- Banned IP list:
> >
> >
> > But there are no iptables CHAINS created for f2b-SENDMAIL!
> >
> > # iptables -L
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh
> > ...8<...
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ...8<...
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> > ...8<...
> >
> > Chain f2b-SSH (1 references)
> > target prot opt source destination
> > RETURN all -- anywhere anywhere
> >
> > :^(
> >
> > So, fail2ban fails to add sendmail-iptables on startup of the init service
> > script
> > (/etc/init.d/fail2ban). I can 'add' it manually but it only 'half' loads as
> > the are no iptables
> > entries for creating banning rules.
> >
> > I'm just not seeing where it's failing. Can someone please hit me with a
> > clue stick!
> >
> > Kind regards,
> > Tom
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
