At 11:12 AM 9/21/2020, Kenneth Porter wrote:
> --On Sunday, September 20, 2020 10:23 PM -0500 Mike <[email protected]> wrote:
>> I updated one of my CentOS 7 servers to Fail2ban 0.11.1-9.el7.2
>
> fail2ban-0.11.1-10.el7.noarch is working fine for me on CentOS
> 7.8.2003. I can list ipsets and the direct rules with your commands.
> Check the XML for your rules and sets and try dumping the entire
> firewall to the console with "iptables -L -v -n".

I am able to reboot the server and f2b starts and doesn't seem to
throw any errors, but when I run ipset list or iptables -L
INPUT_direct I still get nothing. Here's the fail2ban log:
2020-09-21 11:19:49,650 fail2ban.server [978]: INFO Starting Fail2ban v0.11.1
2020-09-21 11:19:49,652 fail2ban.observer [978]: INFO Observer start...
2020-09-21 11:19:49,684 fail2ban.database [978]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-09-21 11:19:49,696 fail2ban.jail [978]: INFO Creating new jail 'sshd'
2020-09-21 11:19:49,773 fail2ban.jail [978]: INFO Jail 'sshd' uses systemd {}
2020-09-21 11:19:49,774 fail2ban.jail [978]: INFO Initiated 'systemd' backend
2020-09-21 11:19:49,775 fail2ban.filter [978]: INFO maxLines: 1
2020-09-21 11:19:49,776 fail2ban.filtersystemd [978]: INFO [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2020-09-21 11:19:49,815 fail2ban.filter [978]: INFO maxRetry: 3
2020-09-21 11:19:49,815 fail2ban.filter [978]: INFO encoding: UTF-8
2020-09-21 11:19:49,816 fail2ban.filter [978]: INFO findtime: 1200
2020-09-21 11:19:49,816 fail2ban.actions [978]: INFO banTime: 1209600
2020-09-21 11:19:49,816 fail2ban.jail [978]: INFO Creating new jail 'vsftpd'
2020-09-21 11:19:49,826 fail2ban.jail [978]: INFO Jail 'vsftpd' uses poller {}
2020-09-21 11:19:49,827 fail2ban.jail [978]: INFO Initiated 'polling' backend
2020-09-21 11:19:49,832 fail2ban.filter [978]: INFO maxRetry: 5
2020-09-21 11:19:49,832 fail2ban.filter [978]: INFO encoding: UTF-8
2020-09-21 11:19:49,832 fail2ban.filter [978]: INFO findtime: 1200
2020-09-21 11:19:49,833 fail2ban.actions [978]: INFO banTime: 14400
2020-09-21 11:19:49,836 fail2ban.filter [978]: INFO Added logfile: '/var/log/vsftpd.log' (pos = 567, hash = fa62ff81162cd6dc23591183424fc4c2)
2020-09-21 11:19:49,836 fail2ban.jail [978]: INFO Creating new jail 'postfix'
2020-09-21 11:19:49,837 fail2ban.jail [978]: INFO Jail 'postfix' uses systemd {}
2020-09-21 11:19:49,837 fail2ban.jail [978]: INFO Initiated 'systemd' backend
2020-09-21 11:19:49,838 fail2ban.filtersystemd [978]: INFO [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2020-09-21 11:19:49,846 fail2ban.filter [978]: INFO maxRetry: 5
2020-09-21 11:19:49,846 fail2ban.filter [978]: INFO encoding: UTF-8
2020-09-21 11:19:49,846 fail2ban.filter [978]: INFO findtime: 600
2020-09-21 11:19:49,847 fail2ban.actions [978]: INFO banTime: 1200
2020-09-21 11:19:49,847 fail2ban.jail [978]: INFO Creating new jail 'dovecot'
2020-09-21 11:19:49,847 fail2ban.jail [978]: INFO Jail 'dovecot' uses systemd {}
2020-09-21 11:19:49,847 fail2ban.jail [978]: INFO Initiated 'systemd' backend
2020-09-21 11:19:49,854 fail2ban.datedetector [978]: INFO date pattern `''`: `{^LN-BEG}TAI64N`
2020-09-21 11:19:49,854 fail2ban.filtersystemd [978]: INFO [dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2020-09-21 11:19:49,854 fail2ban.filter [978]: INFO maxRetry: 2
2020-09-21 11:19:49,855 fail2ban.filter [978]: INFO encoding: UTF-8
2020-09-21 11:19:49,855 fail2ban.filter [978]: INFO findtime: 43200
2020-09-21 11:19:49,855 fail2ban.actions [978]: INFO banTime: 1036800
2020-09-21 11:19:49,855 fail2ban.jail [978]: INFO Creating new jail 'pam-generic'
2020-09-21 11:19:49,855 fail2ban.jail [978]: INFO Jail 'pam-generic' uses systemd {}
2020-09-21 11:19:49,856 fail2ban.jail [978]: INFO Initiated 'systemd' backend
2020-09-21 11:19:49,856 fail2ban.jail [978]: INFO Initiated 'systemd' backend
2020-09-21 11:19:49,861 fail2ban.filter [978]: INFO maxRetry: 4
2020-09-21 11:19:49,861 fail2ban.filter [978]: INFO encoding: UTF-8
2020-09-21 11:19:49,861 fail2ban.filter [978]: INFO findtime: 43200
2020-09-21 11:19:49,862 fail2ban.actions [978]: INFO banTime: 1036800
2020-09-21 11:19:49,930 fail2ban.jail [978]: INFO Creating new jail 'manban'
2020-09-21 11:19:49,930 fail2ban.jail [978]: INFO Jail 'manban' uses poller {}
2020-09-21 11:19:49,931 fail2ban.jail [978]: INFO Initiated 'polling' backend
2020-09-21 11:19:49,932 fail2ban.filter [978]: INFO maxRetry: 1
2020-09-21 11:19:49,932 fail2ban.filter [978]: INFO encoding: UTF-8
2020-09-21 11:19:49,933 fail2ban.filter [978]: INFO findtime: 3600
2020-09-21 11:19:49,933 fail2ban.actions [978]: INFO banTime: 2147000
2020-09-21 11:19:49,936 fail2ban.filter [978]: INFO Added logfile: '/var/log/manban.log' (pos = 167, hash = e0e7cee99a910096ae1616a07e6ba4f3)
2020-09-21 11:19:49,949 fail2ban.jail [978]: INFO Jail 'sshd' started
2020-09-21 11:19:49,965 fail2ban.jail [978]: INFO Jail 'vsftpd' started
2020-09-21 11:19:49,972 fail2ban.jail [978]: INFO Jail 'postfix' started
2020-09-21 11:19:49,974 fail2ban.jail [978]: INFO Jail 'dovecot' started
2020-09-21 11:19:49,974 fail2ban.filtersystemd [978]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2020-09-21 11:19:50,012 fail2ban.jail [978]: INFO Jail 'pam-generic' started
2020-09-21 11:19:50,067 fail2ban.jail [978]: INFO Jail 'manban' started
2020-09-21 11:19:50,393 fail2ban.actions [978]: NOTICE [manban] Restore Ban 184.95.34.146
2020-09-21 11:19:56,064 fail2ban.actions [978]: NOTICE [manban] Restore Ban 83.97.20.35

When I dump all the firewall rules it does show those two "manban"
IPs, but I don't see an ipset list or any fail2ban rules in the
firewall like I do on my other servers:
# iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3247 399K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
114 7691 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
137 24521 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
137 24521 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
137 24521 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
118 23393 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 2714 packets, 4318K bytes)
pkts bytes target prot opt in out source destination
236 33637 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
3876 4438K OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- eth0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * eth0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
137 24521 IN_public all -- eth0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
137 24521 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
137 24521 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
137 24521 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
1 84 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED
13 760 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 ctstate NEW,UNTRACKED
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 ctstate NEW,UNTRACKED
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:922 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:25 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:465 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:587 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:220 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:993 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:110 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:995 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:1080 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 184.95.34.146 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:25 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:465 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:587 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:220 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:993 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:110 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:995 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:1080 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 83.97.20.35 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED reject-with icmp-port-unreachable

Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination

On my other server that hasn't been patched, here's what I get:
# iptables -L INPUT_direct
Chain INPUT_direct (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere multiport dports smtp,urd,submission match-set f2b-postfix src reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere multiport dports ssh,ftp,ftp-data,ftps,ftps-data,http,https,922,smtp,saft match-set f2b-sshd src reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere multiport dports pop3,pop3s,smtp,imap,imaps,submission,urd,sieve,http,https match-set f2b-dovecot src reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere multiport dports smtp,submission,imap,imap3,imaps,pop3,pop3s,http,https,ftp,922 match-set f2b-manban src reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data match-set f2b-vsftpd src reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere match-set f2b-pam-generic src reject-with icmp-port-unreachable

Both servers are basically identically configured but one was
recently patched with yum update and updated f2b.
Any ideas? fail2ban appears to be running but there are no ipset
lists on the new server.
On the patched server:
# ipset list
# ipset list f2b-manban
ipset v7.1: The set with the given name does not exist
I don't get it.
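
The comparison made by hand in the message above (jails the log reports as started versus "match-set f2b-<jail>" rules in the firewall listing) can be scripted. This is an added example, not part of the original message or of fail2ban; the function names and the sample log and rule text are constructed for illustration, modelled on the output shown above.

```shell
#!/bin/sh
# Added example: which started jails have no "match-set f2b-<jail>" rule?
# All sample data below is constructed, modelled on the output in the post.

SAMPLE_LOG="2020-09-21 11:19:49,949 fail2ban.jail [978]: INFO Jail 'sshd' started
2020-09-21 11:19:49,972 fail2ban.jail [978]: INFO Jail 'postfix' started
2020-09-21 11:19:50,067 fail2ban.jail [978]: INFO Jail 'manban' started"

# Listing with no fail2ban rules at all (empty INPUT_direct chain).
RULES_EMPTY="Chain INPUT_direct (1 references)
target prot opt source destination"

# Listing where two of the three jails have a rule.
RULES_PARTIAL="Chain INPUT_direct (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere multiport dports smtp,urd,submission match-set f2b-postfix src reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere multiport dports ssh,922 match-set f2b-sshd src reject-with icmp-port-unreachable"

# stdin: fail2ban log text. stdout: names of started jails, sorted, unique.
jails_from_log() {
    sed -n "s/.*Jail '\([^']*\)' started.*/\1/p" | sort -u
}

# stdin: iptables listing. stdout: jails referenced by a match-set rule.
jails_in_rules() {
    grep -o 'match-set f2b-[^ ]*' | sed 's/^match-set f2b-//' | sort -u
}

# Usage: missing_jails LOG_TEXT RULES_TEXT
# Prints each started jail that no match-set rule refers to.
missing_jails() {
    log_jails=$(printf '%s\n' "$1" | jails_from_log)
    rule_jails=$(printf '%s\n' "$2" | jails_in_rules)
    for j in $log_jails; do
        printf '%s\n' "$rule_jails" | grep -qxF -- "$j" || printf '%s\n' "$j"
    done
}

echo "empty listing:   $(missing_jails "$SAMPLE_LOG" "$RULES_EMPTY" | tr '\n' ' ')"
echo "partial listing: $(missing_jails "$SAMPLE_LOG" "$RULES_PARTIAL" | tr '\n' ' ')"
```

On a live host the two arguments would be the fail2ban log text and the output of "iptables -L -n"; the check only looks at rule references and does not query ipset itself.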