On 10/02/2016 06:46 PM, Alex wrote:
> Hi,
> I'm using fail2ban-0.9.3 on fedora22 and have configured it with
> firewalld and ipset. I'm more familiar with iptables, not this new
> firewalld layout, so I'm really not sure how to tell if it's working
> properly.
>
> I have a postfix-sasl jail configured as such:
>
> [postfix-sasl]
> #port = smtp,465,submission
> port = smtp,587,submission
> logpath = %(postfix_log)s
> enabled = true
> logencoding=utf-8
>
> /var/log/fail2ban.log shows these entries:
>
> fail2ban.filter [19398]: INFO [postfix-sasl] Found 12.234.0.173
> fail2ban.actions [19398]: NOTICE [postfix-sasl] Ban 12.234.0.173
>
> ipset list shows me:
>
> Name: fail2ban-postfix-sasl
> Type: hash:ip
> Revision: 4
> Header: family inet hashsize 1024 maxelem 65536 timeout 5200
> Size in memory: 1856
> References: 1
> Members:
> 12.234.0.173 timeout 4068
> 179.189.205.12 timeout 152
> 184.2.47.206 timeout 390
> 113.69.178.121 timeout 1522
>
> Does this say that 12.234.0.173 is indeed currently blocked on port
> 589 for the next 4068 seconds?
>
> firewalld is running, but I don't know how to produce a list of all
> IPs that are currently being blocked. "iptables -nL", as I usually
> would run, shows there are no entries for any of the chains that are
> listed (except for 192.168.122.0/24 as part of virbr0). Does that mean
> the rules aren't being added properly by fail2ban?

I suspect something isn't setting up the ipset rule properly in the first place. Check /var/log/fail2ban.log around the time of fail2ban startup.

Also, are you sure you're using a firewalld action? What does 'fail2ban-client get postfix-sasl action' show?

Finally, Fedora 22 is EOL and you really should upgrade.

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  [email protected]
Boulder, CO 80301              http://www.cora.nwra.com
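
Added example, not part of either message above: a small shell helper that reads `ipset list` output and separates the two things the question runs together, whether an address is a member of the set and whether anything references the set at all. The function names are hypothetical, and the embedded sample is the listing quoted in the thread.

```shell
#!/bin/sh
# Added example: interpret `ipset list <set>` output read from stdin.
# SAMPLE is the listing quoted in the thread, embedded so this runs offline.
SAMPLE='Name: fail2ban-postfix-sasl
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 5200
Size in memory: 1856
References: 1
Members:
12.234.0.173 timeout 4068
179.189.205.12 timeout 152
184.2.47.206 timeout 390
113.69.178.121 timeout 1522'

# Print the kernel reference count (firewall rules or other sets using this set).
set_references() {
    awk '$1 == "References:" { print $2; found = 1 } END { if (!found) print 0 }'
}

# Print the remaining timeout in seconds for one address; empty if not a member.
member_timeout() {
    awk -v ip="$1" '
        in_members && $1 == ip { print ($2 == "timeout" ? $3 : "permanent") }
        $1 == "Members:"       { in_members = 1 }'
}

# check_ban IP: reads a listing on stdin and prints one status line.
# Returns 0 only when the address is in the set AND the set is referenced.
check_ban() {
    listing=$(cat)
    refs=$(printf '%s\n' "$listing" | set_references)
    left=$(printf '%s\n' "$listing" | member_timeout "$1")
    if [ -z "$left" ]; then
        echo "$1: not in set"; return 2
    fi
    if [ "$refs" -eq 0 ]; then
        echo "$1: in set (timeout $left) but nothing references the set"; return 1
    fi
    echo "$1: in set (timeout $left), set referenced $refs time(s)"; return 0
}

# Live use (as root): ipset list fail2ban-postfix-sasl | check_ban 12.234.0.173
printf '%s\n' "$SAMPLE" | check_ban 12.234.0.173
```

A non-zero reference count only shows that something matches against the set; the ports and target of that rule still have to be read from the rule itself, for example with `firewall-cmd --direct --get-all-rules` if the fail2ban action added it through firewalld's direct interface.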
