Hi Darren,
On a 5210r box, I get the logwatch email and I am seeing a lot of errors
relating to adding ip route commands:
What is odd here is that I have fail2ban on two other (5209r) servers
and they appear to add the block rules with iptables with many “f2b-*”
chains, but 5210r doesn’t do it that way? There are no f2b-* chains there
BlueOnyx 5210R CTs on OpenVZ 7 (Aventurin{e} 6109R) have the issue that
firewalling inside the CT is not fully working due to architectural
reasons. Firewall rules are manageable and will show as being present,
but they simply won't work.
For that reason Fail2ban uses null-routes to block offending IPs. In
your case Fail2ban attempted to create a null-route for an IP that was
already blocked - possibly by APF.
So this can be ignored.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx