I use an ipset so I'm not authoritative on this, but I think the chains are only
created when you get an actual ban.

Have you tried using fail2ban-regex? I'm not familiar with where the SSH log file
is on Ubuntu.  Here's an example for the Apache error log on Fedora:

    fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-noscript.local

This will show you what filter matches are found in the log file.

For help, you should post a log line that should trigger a ban, your SSH filter,
and the [sshd] portion of your jail.

Bill


On 6/20/2019 5:23 PM, Michael Fox wrote:

2nd request.

I really could use some help here …

Thanks,

Michael

*From:* Michael Fox <[email protected]>
*Sent:* Monday, June 17, 2019 5:03 PM
*To:* Fail2Ban-Users Distribution List <[email protected]>
*Subject:* iptables chains not created

I’ve been a fail2ban user on Ubuntu for several years.  I’m finally building an Ubuntu 18.04 machine.  I installed the fail2ban package (v0.10.2) from Synaptic and tried using my previous jail.local configuration.  But after starting/reloading fail2ban, the jails are not being populated in iptables.  In other words, “sudo iptables -n -L” shows no “f2b-…” chains.

When I start or reload fail2ban:

I see no errors in the fail2ban log.  But I do see “Jail sshd is not a 
JournalFilter instance”.  I don’t know what that’s about.

I see no errors in the syslog

systemctl status shows no errors

fail2ban-client status shows no errors, and “-d” appears correct (as far as I 
can tell).

Nevertheless, no chains are created in iptables when fail2ban is 
started/reloaded.

I removed all .local jail files, which leaves only the sshd jail turned on by 
jail.d/defaults_debian.conf.  Still no joy.

I added back in only my own .local sshd config.  Still no joy.

By no joy, I mean there is no “f2b-sshd” chain in iptables, yet there are no errors reported in the logs and fail2ban-client shows that the sshd jail is active.

Is this a known bug?

If so, what’s the solution?

If not, what information is needed to troubleshoot?

Thanks,

Michael



_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users