Your message dated Thu, 11 May 2017 10:51:43 -0400
with message-id <[email protected]>
and subject line Re: Bug#860896: fail2ban: iptables returned 100
has caused the Debian Bug report #860896,
regarding fail2ban: iptables returned 100
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
860896: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860896
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fail2ban
Version: 0.8.13-1
Severity: important
Dear Maintainer,
When trying to use fail2ban with the default config (only the ssh jail enabled),
it does not seem to be able to ban IPs because of iptables errors:
2017-04-21 15:06:08,768 fail2ban.jail [26836]: INFO Creating new jail 'ssh'
2017-04-21 15:06:08,772 fail2ban.jail [26836]: INFO Jail 'ssh' uses poller
2017-04-21 15:06:08,926 fail2ban.jail [26836]: INFO Initiated 'polling' backend
2017-04-21 15:06:08,935 fail2ban.filter [26836]: INFO Added logfile = /var/log/auth.log
2017-04-21 15:06:08,940 fail2ban.filter [26836]: INFO Set maxRetry = 6
2017-04-21 15:06:08,951 fail2ban.filter [26836]: INFO Set findtime = 600
2017-04-21 15:06:08,956 fail2ban.actions[26836]: INFO Set banTime = 600
2017-04-21 15:06:09,343 fail2ban.jail [26836]: INFO Jail 'ssh' started
2017-04-21 15:06:09,439 fail2ban.actions.action[26836]: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100
If I run the commands manually, I get this:
pierre@BMO ~> sudo iptables -N fail2ban-ssh
iptables: Chain already exists.
pierre@BMO ~> sudo iptables -A fail2ban-ssh -j RETURN
pierre@BMO ~> sudo iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
iptables: No chain/target/match by that name.
Regards,
-- System Information:
Debian Release: 8.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: armel (armv7l)
Foreign Architectures: armhf
Kernel: Linux 4.1.30.armada.1 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages fail2ban depends on:
ii lsb-base 4.1+Debian13+nmu1
pn python:any <none>
Versions of packages fail2ban recommends:
ii iptables 1.4.21-2+b1
pn python-pyinotify <none>
pn whois <none>
Versions of packages fail2ban suggests:
ii bsd-mailx [mailx] 8.1.2-0.20141216cvs-2
pn python-gamin <none>
ii rsyslog [system-log-daemon] 8.4.2-1+deb8u2
-- no debconf information
--- End Message ---
--- Begin Message ---
On Thu, 11 May 2017, Pierre Rudloff wrote:
> > so -- do you have support in your kernel for multiport matching (having
> > a custom one?)? what if you try to run those commands manually
> > (after stopping fail2ban first) and/or just see quick google hit
> I indeed use a custom kernel provided by Netgear.
> I tried running the commands manually (see my initial post) and the last one
> indeed fails with this error:
> iptables: No chain/target/match by that name.
you didn't run preceding ones with -N
> I guess this means my kernel does not support multiport?
> Here is what /proc/net/ip_tables_matches returns:
> icmp
> udplite
> udp
> tcp
yeap -- have no multiport so change to another banaction or install new
kernel ;) this issue is solved
--
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
--- End Message ---