>
>> I'd really like to adapt recidive to use rich rules. Are there any debug
>> logs and/or configurations I can provide?
>>
>
> I just recently took over maintenance of the package for Fedora so I'm far
> from an expert. Perhaps posting a new message to the mailing list with the
> details of the jail?
>

It looks like recidive is using the previously-broken sshd and ipset:
2020-05-04 10:39:08,058 fail2ban.actions        [3408395]: NOTICE  [recidive] Restore Ban 52.254.93.227
2020-05-04 10:39:08,065 fail2ban.utils          [3408395]: ERROR   7fb9dc9527a0 -- exec: ipset add f2b-recidive 52.254.93.227 timeout -1 -exist
2020-05-04 10:39:08,066 fail2ban.utils          [3408395]: ERROR   7fb9dc9527a0 -- stderr: "ipset v7.5: Syntax error: '-1' is out of range 0-2147483"
2020-05-04 10:39:08,066 fail2ban.utils          [3408395]: ERROR   7fb9dc9527a0 -- returned 1
2020-05-04 10:39:08,066 fail2ban.actions        [3408395]: ERROR   Failed to execute ban jail 'recidive' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '52.254.93.227', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03170>, 'bantime': -1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03830>})': Error banning 52.254.93.227
2020-05-04 10:39:08,067 fail2ban.actions        [3408395]: NOTICE  [recidive] Restore Ban 52.83.41.33
2020-05-04 10:39:08,076 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- exec: ipset add f2b-recidive 52.83.41.33 timeout -1 -exist
2020-05-04 10:39:08,077 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- stderr: "ipset v7.5: Syntax error: '-1' is out of range 0-2147483"
2020-05-04 10:39:08,077 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- returned 1
2020-05-04 10:39:08,077 fail2ban.actions        [3408395]: ERROR   Failed to execute ban jail 'recidive' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '52.83.41.33', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03170>, 'bantime': -1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03830>})': Error banning 52.83.41.33
2020-05-04 10:39:08,078 fail2ban.actions        [3408395]: NOTICE  [recidive] Restore Ban 62.57.192.50
2020-05-04 10:39:08,087 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- exec: ipset add f2b-recidive 62.57.192.50 timeout -1 -exist
2020-05-04 10:39:08,088 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- stderr: "ipset v7.5: Syntax error: '-1' is out of range 0-2147483"
2020-05-04 10:39:08,088 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- returned 1
2020-05-04 10:39:08,089 fail2ban.actions        [3408395]: ERROR   Failed to execute ban jail 'recidive' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '62.57.192.50', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03170>, 'bantime': -1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03830>})': Error banning 62.57.192.50
2020-05-04 10:39:08,089 fail2ban.actions        [3408395]: NOTICE  [recidive] Restore Ban 65.52.34.66
2020-05-04 10:39:08,098 fail2ban.utils          [3408395]: ERROR   7fb9dc952730 -- exec: ipset add f2b-recidive 65.52.34.66 timeout -1 -exist
2020-05-04 10:39:08,099 fail2ban.utils          [3408395]: ERROR   7fb9dc952730 -- stderr: "ipset v7.5: Syntax error: '-1' is out of range 0-2147483"
2020-05-04 10:39:08,099 fail2ban.utils          [3408395]: ERROR   7fb9dc952730 -- returned 1
2020-05-04 10:39:08,099 fail2ban.actions        [3408395]: ERROR   Failed to execute ban jail 'recidive' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '65.52.34.66', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03170>, 'bantime': -1, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fb9dff03830>})': Error banning 65.52.34.66

Also note setting debug, i.e., fail2ban-client set loglevel debug with this
error ends up spamming the log file with this:
2020-05-04 10:42:34,404 fail2ban.filterpyinotif [3408395]: DEBUG   <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-05-04 10:42:34,404 fail2ban.filterpyinotif [3408395]: DEBUG   Event queue size: 16

The recidive jail stanza looks like this:

[recidive]
enabled  = true
filter   = recidive
logpath  = /var/log/fail2ban.log
           /var/log/fail2ban.log-*[!.gz]
action   = firewallcmd-ipset[name=recidive]
banaction = firewallcmd-ipset
bantime = -1
findtime = 86400   ; 1 day
maxretry = 2
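Added example, not part of the original message and not fail2ban's own code: every "Error banning" entry in the log above is an address fail2ban counts as banned but that never reached the ipset, so the sketch below pairs each failed ban with the command and stderr that caused it. The function name audit is hypothetical, and the sample input is described in the code comment.

```python
import re

# Log lines from the message above with the mail wrapping undone; the
# ActionInfo payload is shortened to {...} and the [sshd] line (a ban that
# succeeds, using a documentation address) is constructed for contrast.
SAMPLE = """\
2020-05-04 10:39:08,058 fail2ban.actions        [3408395]: NOTICE  [recidive] Restore Ban 52.254.93.227
2020-05-04 10:39:08,065 fail2ban.utils          [3408395]: ERROR   7fb9dc9527a0 -- exec: ipset add f2b-recidive 52.254.93.227 timeout -1 -exist
2020-05-04 10:39:08,066 fail2ban.utils          [3408395]: ERROR   7fb9dc9527a0 -- stderr: "ipset v7.5: Syntax error: '-1' is out of range 0-2147483"
2020-05-04 10:39:08,066 fail2ban.utils          [3408395]: ERROR   7fb9dc9527a0 -- returned 1
2020-05-04 10:39:08,066 fail2ban.actions        [3408395]: ERROR   Failed to execute ban jail 'recidive' action 'firewallcmd-ipset' info 'ActionInfo({...})': Error banning 52.254.93.227
2020-05-04 10:39:08,067 fail2ban.actions        [3408395]: NOTICE  [recidive] Restore Ban 52.83.41.33
2020-05-04 10:39:08,076 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- exec: ipset add f2b-recidive 52.83.41.33 timeout -1 -exist
2020-05-04 10:39:08,077 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- stderr: "ipset v7.5: Syntax error: '-1' is out of range 0-2147483"
2020-05-04 10:39:08,077 fail2ban.utils          [3408395]: ERROR   7fb9dc952b20 -- returned 1
2020-05-04 10:39:08,077 fail2ban.actions        [3408395]: ERROR   Failed to execute ban jail 'recidive' action 'firewallcmd-ipset' info 'ActionInfo({...})': Error banning 52.83.41.33
2020-05-04 10:39:09,000 fail2ban.actions        [3408395]: NOTICE  [sshd] Ban 192.0.2.10
"""

UTILS = re.compile(r"fail2ban\.utils\s+\[\d+\]: ERROR\s+(\w+) -- (exec|stderr|returned):? (.*)$")
FAILED = re.compile(r"fail2ban\.actions\s+\[\d+\]: ERROR\s+Failed to execute ban jail "
                    r"'([^']+)' action '([^']+)'.*Error banning (\S+)$")
BAN = re.compile(r"fail2ban\.actions\s+\[\d+\]: NOTICE\s+\[([^\]]+)\] (?:Restore )?Ban (\S+)$")

def audit(lines):
    """Return (attempted, failed): bans fail2ban logged vs. bans whose action errored."""
    cmds, attempted, failed = {}, [], []
    for line in lines:
        if m := UTILS.search(line):
            cid, kind, text = m.groups()
            if kind == "exec":          # command ids are reused, so start a fresh record
                cmds.pop(cid, None)
                cmds[cid] = {}
            cmds.setdefault(cid, {})[kind] = text.strip('"')
        elif m := FAILED.search(line):
            jail, action, ip = m.groups()
            # newest command whose argument list names this address
            cause = next((c for c in reversed(list(cmds.values()))
                          if ip in c.get("exec", "").split()), {})
            failed.append({"jail": jail, "action": action, "ip": ip,
                           "command": cause.get("exec"), "stderr": cause.get("stderr"),
                           "rc": cause.get("returned")})
        elif m := BAN.search(line):
            attempted.append((m[1], m[2]))
    return attempted, failed

if __name__ == "__main__":
    attempted, failed = audit(SAMPLE.splitlines())
    print(f"{len(failed)} of {len(attempted)} logged bans were not applied")
```

Run against a real /var/log/fail2ban.log by passing the open file object to audit() in place of the sample lines.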