Hi, there seems to be some problem with sequence of commands run from python. Maybe our server is too powerfull? (poweredge 2950 with two 4 core processors, old server was some old pentium4 with ht, there were no such problems)
If i run those commands separately from command line ,there is no problem. But if whole (multiline) actionstart is run, there seems to be problem with order of commands. Problem is, that iptables -I INPUT -p tcp -m multiport --dports ftp,ftp-data,ftps,ftps-data -j fail2ban-proftpd is run in time, when there is no such chain, so kernel tries to autoload module for it (but there is no such module) (you can try it by running this command) You get this iptables v1.4.4: Couldn't load target `fail2ban- proftpd':/lib/xtables/libipt_fail2ban-proftpd.so: cannot open shared object file: No such file or directory Patch from sf explodes actionstart by newline and launches each line separately (maybe with some locking? I can't read python) With regards Libor Dne úterý 03 Listopad 2009 16:00:30 Yaroslav Halchenko napsal(a): > brr... are you sure you just have some problem with iptables? what if > whenever there is no fail2ban running you run those commands while being > root > > iptables -N fail2ban-proftpd > iptables -A fail2ban-proftpd -j RETURN > iptables -I INPUT -p tcp -m multiport --dports ftp,ftp-data,ftps,ftps-data > -j fail2ban-proftpd > > will you get at some point that > iptables v1.4.4: Couldn't load target > `fail2ban-proftpd':/lib/xtables/libipt_fail2ban-proftpd.so: cannot open > shared object file: No such file or directory > > or would be there any other error reported? > > On Tue, 03 Nov 2009, Libor Klepac wrote: > > Package: fail2ban > > Version: 0.8.4-1 > > Severity: important > > > > Hi, > > I have problems with using several jails. It was there before, but didn't > > hit so hard as today, when i was unable to restart fail2ban cleanly , i > > was trying it for maybe 50 times (changing configs, installing python2.4 > > ...etc). I seems to fail to execute iptables in correct orderd leading to > > something like this in its output >
signature.asc
Description: This is a digitally signed message part.