Hi everyone,
I've got fail2ban and firewalld set up on a C7 box, in theory protecting
dovecot, exim and ssh but I'm not convinced it's doing anything.
in /var/log/fail2ban.log I'm getting loads of entries such as:
2020-12-22 19:08:08,100 fail2ban.actions [1836]: WARNING
[dovecot] 78.128.113.67 already banned
I think this is because the actual ban is not working. I have entries
such as:
2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR
7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ", "
" "); do firewall-cmd --add-rich-rule="rule family='ipv4' source
address='113.110.47.81' port port='$p' protocol='tcp' reject
type='icmp-port-unreachable'"; done
2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR
7f119e95f7f0 -- stderr: 'Error: INVALID_PORT: 0:65535'
2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR
7f119e95f7f0 -- returned 102
2020-12-22 19:38:27,620 fail2ban.actions [1836]: ERROR Failed to
execute ban jail 'dovecot' action 'firewallcmd-rich-rules' info
'ActionInfo({'ip': '113.110.47.81', 'fid': at
0x7f119f084050>, 'family': 'inet4', 'raw-ticket': at
0x7f119f0845f0>})': Error banning 113.110.47.81
I've done some Googling and received lots of responses about fail2ban
failures but I can't find anything relating to this.
Anyone got any ideas?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
