On 28-12-16 16:04, Andrea wrote:
> Hi all.
>
> I am trying to implement a custom ban action to integrate in my current
> iptables setup.
> I have created a dedicated chain in order to log connections at iptables
> level and I would like for fail2ban to use it as well.
> AFAIK what I have so far should work however it keeps giving me errors in
> the logfile:
>
> 2016-12-28 15:53:24,428 fail2ban.actions.action[19380]: ERROR iptables -n -L INPUT | grep -q 'BLOCKED_IP_LOG' returned 100
> 2016-12-28 15:53:24,428 fail2ban.actions.action[19380]: ERROR Invariant check failed. Trying to restore a sane environment
> 2016-12-28 15:53:24,431 fail2ban.actions.action[19380]: ERROR iptables -n -L INPUT | grep -q 'BLOCKED_IP_LOG' returned 100
> 2016-12-28 15:53:24,431 fail2ban.actions.action[19380]: CRITICAL Unable to restore environment
>
> I don't need actionstart/actionstop since the chain is created in the
> firewall script:
>
> /sbin/iptables -N BLOCKED_IP_LOG
> /sbin/iptables -A BLOCKED_IP_LOG -j LOG -m limit --limit 10/min --log-level 4 --log-prefix 'BLOCKED_IP_LOG: '
> /sbin/iptables -A BLOCKED_IP_LOG -j DROP
>
> This is my custom action configuration (derived from iptables-multiport):
>
> root@hpsrv:/etc/fail2ban/action.d# cat iptables-custom.conf
>
> [INCLUDES]
>
> before = iptables-blocktype.conf
>
> [Definition]
>
> actionstart =
>
> actionstop =
>
> # Option: actioncheck
> # Notes.: command executed once before each actionban command
> # Values: CMD
> #
> actioncheck = iptables -n -L <chain> | grep -q 'BLOCKED_IP_LOG'
>
> # Option: actionban
> # Notes.: command executed when banning an IP. Take care that the
> # command is executed with Fail2Ban user rights.
> # Tags: See jail.conf(5) man page
> # Values: CMD
> #
> actionban = iptables -I <chain> 1 -s <ip> -j BLOCKED_IP_LOG
>
> # Option: actionunban
> # Notes.: command executed when unbanning an IP. Take care that the
> # command is executed with Fail2Ban user rights.
> # Tags: See jail.conf(5) man page
> # Values: CMD
> #
> actionunban = iptables -D <chain> -s <ip> -j BLOCKED_IP_LOG
>
> [Init]
>
> # Default name of the chain
> #
> name = default
>
> # Option: port
> # Notes.: specifies port to monitor
> # Values: [ NUM | STRING ] Default:
> #
> port = ssh
>
> # Option: protocol
> # Notes.: internally used by config reader for interpolations.
> # Values: [ tcp | udp | icmp | all ] Default: tcp
> #
> protocol = tcp
>
> # Option: chain
> # Notes.: specifies the iptables chain to which the fail2ban rules should be
> # added
> # Values: STRING Default: INPUT
> chain = INPUT
>
>
> What am I doing wrong?
What happens when you run:

/sbin/iptables -N BLOCKED_IP_LOG

and then execute the failing f2b check command:

iptables -n -L INPUT | grep -q 'BLOCKED_IP_LOG'

You probably need to alter the "chain = INPUT" variable to contain your custom chain name.

>
> Thanks
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
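As an added illustration (not code from either poster), here is a small POSIX shell script that separates the two questions the posted actioncheck mixes up: whether the BLOCKED_IP_LOG chain exists at all, and whether the INPUT chain already contains a rule that jumps to it. The IPTABLES variable and the fake_iptables function are assumptions introduced so the logic can run without root or a netfilter stack; the fake prints constructed listings that mirror Andrea's firewall before any ban has been issued.

```shell
#!/bin/sh
# Added example (not from the thread).  "Does chain X exist?" and "does
# INPUT contain a rule jumping to X?" are different questions.  The posted
# actioncheck asks the second, which is false until the first ban rule has
# been inserted, so fail2ban reports a failed invariant on every ban.
#
# IPTABLES is an assumed hook: point it at a fake command that prints
# constructed output to exercise the checks offline.
IPTABLES="${IPTABLES:-iptables}"

# True when the chain exists in the filter table: "iptables -n -L CHAIN"
# exits non-zero for an unknown chain.
chain_exists() {
    "$IPTABLES" -n -L "$1" >/dev/null 2>&1
}

# True only when the listing of chain $1 mentions $2, i.e. some rule in $1
# jumps to $2 (or $1 is $2 itself, because the listing header names the
# chain).  This is the check the thread's actioncheck actually performs.
chain_references_target() {
    "$IPTABLES" -n -L "$1" 2>/dev/null | grep -q -- "$2"
}

# Constructed stand-in for iptables mirroring the poster's firewall:
# BLOCKED_IP_LOG exists, INPUT has no rule referencing it yet.
fake_iptables() {
    # Expected invocation: fake_iptables -n -L CHAIN
    case "$3" in
        INPUT)
            printf 'Chain INPUT (policy ACCEPT)\n'
            printf 'target     prot opt source               destination\n'
            printf 'ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED\n'
            ;;
        BLOCKED_IP_LOG)
            printf 'Chain BLOCKED_IP_LOG (0 references)\n'
            printf 'target     prot opt source               destination\n'
            printf 'LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "BLOCKED_IP_LOG: "\n'
            printf 'DROP       all  --  0.0.0.0/0            0.0.0.0/0\n'
            ;;
        *)
            printf 'iptables: No chain/target/match by that name.\n' >&2
            return 1
            ;;
    esac
}

# Run both checks against the constructed listings and report the result
# an actioncheck would see before the first ban.
demo() {
    IPTABLES=fake_iptables
    if chain_exists BLOCKED_IP_LOG; then
        echo "chain exists: yes"
    else
        echo "chain exists: no"
    fi
    if chain_references_target INPUT BLOCKED_IP_LOG; then
        echo "INPUT references it: yes"
    else
        echo "INPUT references it: no"
    fi
}
```

Against the constructed listings, chain_exists BLOCKED_IP_LOG succeeds while chain_references_target INPUT BLOCKED_IP_LOG fails, which is the state at fail2ban start-up in the posted setup: the firewall script created the chain, but INPUT only gains a rule naming BLOCKED_IP_LOG after the first actionban, so an actioncheck that greps the INPUT listing cannot pass before then. Note also that a chain's own listing starts with a "Chain NAME" header line, so grepping a chain's listing for its own name matches even when the chain holds no rules.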
