Public bug reported: 1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS), using the usual do-release-upgrade command.
2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not insert the usual match-set rules into iptables, although it seems to be finding IP's, banning and trying to insert those rules. The filter.d and jail.d scripts that we customized were left untouched from the previously working setup and are all present in the current directories. 3. Runing systemctl status --no-pager -l fail2ban.service shows: ● fail2ban.service - Fail2Ban Service Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago Docs: man:fail2ban(1) Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS) Main PID: 8770 (f2b/server) Tasks: 11 (limit: 4654) Memory: 12.4M CGroup: /system.slice/fail2ban.service └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service... abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service. abr 26 11:22:38 mx fail2ban-server[8770]: Server ready 4. The log at /var/log/fail2ban.log, shows: 4.1. the usual entries: 2020-04-26 12:44:37,284 fail2ban.filter [8770]: INFO [some-filter] Found 185.39.10.73 - 2020-04-26 12:44:37 2020-04-26 12:44:37,594 fail2ban.actions [8770]: NOTICE [some-filter] Ban 185.39.10.73 4.2. many previously not found ERRORS like: 2020-04-26 12:44:37,607 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- exec: ipset create f2b-some-filter hash:ip timeout <bantime> iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- stderr: '/bin/sh: 2: Syntax error: newline unexpected' 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- returned 2 2020-04-26 12:44:37,608 fail2ban.actions [8770]: ERROR Failed to execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error' 5. In the current setup although the Fail2Ban daemon seems to be running, there seems to be some change in the Fail2Ban v.0.11.x script's parser that blocks Fail2Ban from inserting iptables --match-set rules and rendering the application useless. Thank you. MA ** Affects: fail2ban (Ubuntu) Importance: Undecided Status: New ** Description changed: 1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS), using the usual do-release-upgrade command. 2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not insert the usual match-set rules into iptables, although it seems to be - finding IP's, banning and trying to insert those rules. The previous - user changed filter.d and jail.d scripts were left untouched from the - previously working setup. + finding IP's, banning and trying to insert those rules. The filter.d and + jail.d scripts that we customized were left untouched from the + previously working setup and are all present in the current + diretctories. 3. Runing systemctl status --no-pager -l fail2ban.service shows: ● fail2ban.service - Fail2Ban Service - Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) - Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago - Docs: man:fail2ban(1) - Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS) - Main PID: 8770 (f2b/server) - Tasks: 11 (limit: 4654) - Memory: 12.4M - CGroup: /system.slice/fail2ban.service - └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start + Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) + Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago + Docs: man:fail2ban(1) + Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS) + Main PID: 8770 (f2b/server) + Tasks: 11 (limit: 4654) + Memory: 12.4M + CGroup: /system.slice/fail2ban.service + └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service... abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service. abr 26 11:22:38 mx fail2ban-server[8770]: Server ready 4. The log at /var/log/fail2ban.log, shows: 4.1. the usual entries: 2020-04-26 12:44:37,284 fail2ban.filter [8770]: INFO [some-filter] Found 185.39.10.73 - 2020-04-26 12:44:37 2020-04-26 12:44:37,594 fail2ban.actions [8770]: NOTICE [some-filter] Ban 185.39.10.73 4.2. many previously not found ERRORS like: 2020-04-26 12:44:37,607 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- exec: ipset create f2b-some-filter hash:ip timeout <bantime> iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- stderr: '/bin/sh: 2: Syntax error: newline unexpected' 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- returned 2 2020-04-26 12:44:37,608 fail2ban.actions [8770]: ERROR Failed to execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error' 5. In the current setup although the Fail2Ban daemon seems to be running, there seems to be some change in the Fail2Ban v.0.11.x script's parser that blocks Fail2Ban from working as expected. Thank you. MA ** Description changed: 1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS), using the usual do-release-upgrade command. 2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not insert the usual match-set rules into iptables, although it seems to be finding IP's, banning and trying to insert those rules. The filter.d and jail.d scripts that we customized were left untouched from the - previously working setup and are all present in the current - diretctories. + previously working setup and are all present in the current directories. 3. Runing systemctl status --no-pager -l fail2ban.service shows: ● fail2ban.service - Fail2Ban Service Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago Docs: man:fail2ban(1) Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS) Main PID: 8770 (f2b/server) Tasks: 11 (limit: 4654) Memory: 12.4M CGroup: /system.slice/fail2ban.service └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service... abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service. abr 26 11:22:38 mx fail2ban-server[8770]: Server ready 4. The log at /var/log/fail2ban.log, shows: 4.1. the usual entries: 2020-04-26 12:44:37,284 fail2ban.filter [8770]: INFO [some-filter] Found 185.39.10.73 - 2020-04-26 12:44:37 2020-04-26 12:44:37,594 fail2ban.actions [8770]: NOTICE [some-filter] Ban 185.39.10.73 4.2. many previously not found ERRORS like: 2020-04-26 12:44:37,607 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- exec: ipset create f2b-some-filter hash:ip timeout <bantime> iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- stderr: '/bin/sh: 2: Syntax error: newline unexpected' 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- returned 2 2020-04-26 12:44:37,608 fail2ban.actions [8770]: ERROR Failed to execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error' 5. In the current setup although the Fail2Ban daemon seems to be running, there seems to be some change in the Fail2Ban v.0.11.x script's parser that blocks Fail2Ban from working as expected. Thank you. MA ** Description changed: 1. We have just upgraded to Ubuntu Server 20.04 LTS (from 18.04 LTS), using the usual do-release-upgrade command. 2. Fail2Ban was upgraded from 0.10.2-2 to 0.11.1-1 and now I does not insert the usual match-set rules into iptables, although it seems to be finding IP's, banning and trying to insert those rules. The filter.d and jail.d scripts that we customized were left untouched from the previously working setup and are all present in the current directories. 3. Runing systemctl status --no-pager -l fail2ban.service shows: ● fail2ban.service - Fail2Ban Service Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-04-26 11:22:37 CEST; 1h 40min ago Docs: man:fail2ban(1) Process: 8769 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS) Main PID: 8770 (f2b/server) Tasks: 11 (limit: 4654) Memory: 12.4M CGroup: /system.slice/fail2ban.service └─8770 /usr/bin/python3 /usr/bin/fail2ban-server -xf start abr 26 11:22:37 mx systemd[1]: Starting Fail2Ban Service... abr 26 11:22:37 mx systemd[1]: Started Fail2Ban Service. abr 26 11:22:38 mx fail2ban-server[8770]: Server ready 4. The log at /var/log/fail2ban.log, shows: 4.1. the usual entries: 2020-04-26 12:44:37,284 fail2ban.filter [8770]: INFO [some-filter] Found 185.39.10.73 - 2020-04-26 12:44:37 2020-04-26 12:44:37,594 fail2ban.actions [8770]: NOTICE [some-filter] Ban 185.39.10.73 4.2. many previously not found ERRORS like: 2020-04-26 12:44:37,607 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- exec: ipset create f2b-some-filter hash:ip timeout <bantime> iptables -w -I INPUT 6 -m set --match-set f2b-some-filter src -j DROP 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- stderr: '/bin/sh: 2: Syntax error: newline unexpected' 2020-04-26 12:44:37,608 fail2ban.utils [8770]: ERROR 7fc2d9f26ab0 -- returned 2 2020-04-26 12:44:37,608 fail2ban.actions [8770]: ERROR Failed to execute ban jail 'some-filter' action 'iptables-ipset-proto6-allports' info 'ActionInfo({'ip': '185.39.10.73', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0a430>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fc2d9f0aaf0>})': Error starting action Jail('some-filter')/iptables-ipset-proto6-allports: 'Script error' 5. In the current setup although the Fail2Ban daemon seems to be running, there seems to be some change in the Fail2Ban v.0.11.x script's - parser that blocks Fail2Ban from working as expected. + parser that blocks Fail2Ban from inserting iptables --match-set rules + and rendering the application useless. Thank you. MA -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1875169 Title: After upgrading to Ubuntu 20.04 (from 18.04) Fail2Ban no longer inserts iptables --match-set rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/1875169/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs