search

FreePBX / issue-tracker

The unified FreePBX issue tracker.
https://www.freepbx.org
GNU General Public License v3.0
4 stars 1 forks source link

Freepbx 17 - lot of iptables errors #147

Open Andsup opened 1 month ago

Andsup commented 1 month ago

FreePBX Version

FreePBX 17

Issue Description

Freepbx 17 is generating lot of iptables errors.

NOTE: iptables was replaced by nftables starting in Debian 10

Examples : (more below)

2024-05-09 21:16:32,734 fail2ban.actions [440]: ERROR Failed to stop jail 'vsftpd-iptables' action 'iptables-multiport-FTP': Error stopping action Jail('vsftpd-iptables')/iptables-multiport-FTP: 'Script error' 2024-05-09 21:16:32,740 fail2ban.utils [440]: ERROR 7f991a3af7b0 -- exec: iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-BadBots 2024-05-09 21:16:32,740 fail2ban.utils [440]: ERROR 7f991a3af7b0 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-BadBots' does not exist" 2024-05-09 21:16:32,740 fail2ban.utils [440]: ERROR 7f991a3af7b0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information." 2024-05-09 21:16:32,740 fail2ban.utils [440]: ERROR 7f991a3af7b0 -- stderr: 'iptables: No chain/target/match by that name.' 2024-05-09 21:16:32,740 fail2ban.utils [440]: ERROR 7f991a3af7b0 -- stderr: 'iptables: No chain/target/match by that name.' 2024-05-09 21:16:32,740 fail2ban.utils [440]: ERROR 7f991a3af7b0 -- returned 1 2024-05-09 21:16:32,740 fail2ban.actions [440]: ERROR Failed to stop jail 'apache-badbots' action 'iptables-multiport-BadBots': Error stopping action Jail('apache-badbots')/iptables-multiport-BadBots: 'Script error' 2024-05-09 21:24:27,345 fail2ban.utils [441]: ERROR 7fdd06e9a080 -- exec: iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-sshd 2024-05-09 21:24:27,345 fail2ban.utils [441]: ERROR 7fdd06e9a080 -- stderr: 'iptables v1.8.9 (nf_tables): CHAIN_DEL failed (Device or resource busy): chain fail2ban-sshd' 2024-05-09 21:24:27,345 fail2ban.utils [441]: ERROR 7fdd06e9a080 -- returned 4 2024-05-09 21:24:27,345 fail2ban.actions [441]: ERROR Failed to stop jail 'sshd' action 'iptables-multiport': Error stopping action Jail('sshd')/iptables-multiport: 'Scr2024-05-09 21:24:41,228 fail2ban.server [442]: INFO --------------------------------------------------

Operating Environment

debian 12.5 iptables v1.8.9 (nf_tables) Fail2Ban v1.0.2

Relevant log output

2024-05-09 21:16:32,672 fail2ban.utils          [440]: ERROR   7f9919d2cb70 -- exec: iptables -D INPUT -p all -j fail2ban-recidive
2024-05-09 21:16:32,672 fail2ban.utils          [440]: ERROR   7f9919d2cb70 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-recidive' does not exist"
2024-05-09 21:16:32,672 fail2ban.utils          [440]: ERROR   7f9919d2cb70 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-05-09 21:16:32,672 fail2ban.utils          [440]: ERROR   7f9919d2cb70 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,672 fail2ban.utils          [440]: ERROR   7f9919d2cb70 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,672 fail2ban.utils          [440]: ERROR   7f9919d2cb70 -- returned 1
2024-05-09 21:16:32,673 fail2ban.actions        [440]: ERROR   Failed to stop jail 'recidive' action 'iptables-allports': Error stopping action Jail('recidive')/iptables-allports: 'Script error'
2024-05-09 21:16:32,678 fail2ban.utils          [440]: ERROR   7f991a3ce810 -- exec: iptables -D INPUT -p all -j fail2ban-apache-auth
2024-05-09 21:16:32,678 fail2ban.utils          [440]: ERROR   7f991a3ce810 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-apache-auth' does not exist"
2024-05-09 21:16:32,678 fail2ban.utils          [440]: ERROR   7f991a3ce810 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-05-09 21:16:32,678 fail2ban.utils          [440]: ERROR   7f991a3ce810 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,678 fail2ban.utils          [440]: ERROR   7f991a3ce810 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,678 fail2ban.utils          [440]: ERROR   7f991a3ce810 -- returned 1
2024-05-09 21:16:32,678 fail2ban.actions        [440]: ERROR   Failed to stop jail 'apache-tcpwrapper' action 'iptables-allports-apache-auth': Error stopping action Jail('apache-tcpwrapper')/iptables-allports-apache-auth: 'Script error'
2024-05-09 21:16:32,682 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- exec: iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]'
2024-05-09 21:16:32,682 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- returned 1
2024-05-09 21:16:32,683 fail2ban.CommandAction  [440]: ERROR   Invariant check failed. Unban is impossible.
2024-05-09 21:16:32,683 fail2ban.actions        [440]: ERROR   Failed to execute unban jail 'ssh-iptables' action 'iptables-multiport-SSH' info 'ActionInfo({'ip': '43.156.246.239', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f991a409300>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f991a409a80>})': Error unbanning 43.156.246.239
2024-05-09 21:16:32,687 fail2ban.utils          [440]: ERROR   7f991a457090 -- exec: iptables -D fail2ban-SSH -s 49.232.243.236 -j REJECT --reject-with icmp-port-unreachable
2024-05-09 21:16:32,687 fail2ban.utils          [440]: ERROR   7f991a457090 -- stderr: 'iptables: Bad rule (does a matching rule exist in that chain?).'
2024-05-09 21:16:32,687 fail2ban.utils          [440]: ERROR   7f991a457090 -- returned 1
2024-05-09 21:16:32,691 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- exec: iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]'
2024-05-09 21:16:32,691 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- returned 1
2024-05-09 21:16:32,691 fail2ban.CommandAction  [440]: ERROR   Invariant check failed. Unban is impossible.
2024-05-09 21:16:32,691 fail2ban.actions        [440]: ERROR   Failed to execute unban jail 'ssh-iptables' action 'iptables-multiport-SSH' info 'ActionInfo({'ip': '49.232.243.236', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f991a409300>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f991a409a80>})': Error unbanning 49.232.243.236
2024-05-09 21:16:32,695 fail2ban.utils          [440]: ERROR   7f991a457090 -- exec: iptables -D fail2ban-SSH -s 49.51.249.252 -j REJECT --reject-with icmp-port-unreachable
2024-05-09 21:16:32,695 fail2ban.utils          [440]: ERROR   7f991a457090 -- stderr: 'iptables: Bad rule (does a matching rule exist in that chain?).'
2024-05-09 21:16:32,695 fail2ban.utils          [440]: ERROR   7f991a457090 -- returned 1
2024-05-09 21:16:32,699 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- exec: iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]'
2024-05-09 21:16:32,699 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- returned 1
2024-05-09 21:16:32,699 fail2ban.CommandAction  [440]: ERROR   Invariant check failed. Unban is impossible.
2024-05-09 21:16:32,700 fail2ban.actions        [440]: ERROR   Failed to execute unban jail 'ssh-iptables' action 'iptables-multiport-SSH' info 'ActionInfo({'ip': '49.51.249.252', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f991a409300>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f991a409a80>})': Error unbanning 49.51.249.252
2024-05-09 21:16:32,703 fail2ban.utils          [440]: ERROR   7f991a457090 -- exec: iptables -D fail2ban-SSH -s 59.149.136.151 -j REJECT --reject-with icmp-port-unreachable
2024-05-09 21:16:32,704 fail2ban.utils          [440]: ERROR   7f991a457090 -- stderr: 'iptables: Bad rule (does a matching rule exist in that chain?).'
2024-05-09 21:16:32,704 fail2ban.utils          [440]: ERROR   7f991a457090 -- returned 1
2024-05-09 21:16:32,708 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- exec: iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]'
2024-05-09 21:16:32,708 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- returned 1
2024-05-09 21:16:32,708 fail2ban.CommandAction  [440]: ERROR   Invariant check failed. Unban is impossible.
2024-05-09 21:16:32,708 fail2ban.actions        [440]: ERROR   Failed to execute unban jail 'ssh-iptables' action 'iptables-multiport-SSH' info 'ActionInfo({'ip': '59.149.136.151', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f991a409300>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f991a409a80>})': Error unbanning 59.149.136.151
2024-05-09 21:16:32,711 fail2ban.utils          [440]: ERROR   7f991a457090 -- exec: iptables -D fail2ban-SSH -s 94.255.206.25 -j REJECT --reject-with icmp-port-unreachable
2024-05-09 21:16:32,712 fail2ban.utils          [440]: ERROR   7f991a457090 -- stderr: 'iptables: Bad rule (does a matching rule exist in that chain?).'
2024-05-09 21:16:32,712 fail2ban.utils          [440]: ERROR   7f991a457090 -- returned 1
2024-05-09 21:16:32,715 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- exec: iptables -n -L INPUT | grep -q 'fail2ban-SSH[ \t]'
2024-05-09 21:16:32,716 fail2ban.utils          [440]: ERROR   7f991a4230c0 -- returned 1
2024-05-09 21:16:32,716 fail2ban.CommandAction  [440]: ERROR   Invariant check failed. Unban is impossible.
2024-05-09 21:16:32,716 fail2ban.actions        [440]: ERROR   Failed to execute unban jail 'ssh-iptables' action 'iptables-multiport-SSH' info 'ActionInfo({'ip': '94.255.206.25', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f991a409300>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f991a409a80>})': Error unbanning 94.255.206.25
2024-05-09 21:16:32,721 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- exec: iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-SSH
2024-05-09 21:16:32,722 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-SSH' does not exist"
2024-05-09 21:16:32,722 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-05-09 21:16:32,722 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,722 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,722 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- returned 1
2024-05-09 21:16:32,727 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- exec: iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-SSH
2024-05-09 21:16:32,728 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-SSH' does not exist"
2024-05-09 21:16:32,728 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-05-09 21:16:32,728 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,728 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,728 fail2ban.utils          [440]: ERROR   7f991a3ce6b0 -- returned 1
2024-05-09 21:16:32,728 fail2ban.actions        [440]: ERROR   Failed to stop jail 'ssh-iptables' action 'iptables-multiport-SSH': Error stopping action Jail('ssh-iptables')/iptables-multiport-SSH: 'Script error'
2024-05-09 21:16:32,734 fail2ban.utils          [440]: ERROR   7f991a3ce970 -- exec: iptables -D INPUT -p tcp -m multiport --dports ftp -j fail2ban-FTP
2024-05-09 21:16:32,734 fail2ban.utils          [440]: ERROR   7f991a3ce970 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-FTP' does not exist"
2024-05-09 21:16:32,734 fail2ban.utils          [440]: ERROR   7f991a3ce970 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-05-09 21:16:32,734 fail2ban.utils          [440]: ERROR   7f991a3ce970 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,734 fail2ban.utils          [440]: ERROR   7f991a3ce970 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,734 fail2ban.utils          [440]: ERROR   7f991a3ce970 -- returned 1
2024-05-09 21:16:32,734 fail2ban.actions        [440]: ERROR   Failed to stop jail 'vsftpd-iptables' action 'iptables-multiport-FTP': Error stopping action Jail('vsftpd-iptables')/iptables-multiport-FTP: 'Script error'
2024-05-09 21:16:32,740 fail2ban.utils          [440]: ERROR   7f991a3af7b0 -- exec: iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-BadBots
2024-05-09 21:16:32,740 fail2ban.utils          [440]: ERROR   7f991a3af7b0 -- stderr: "iptables v1.8.9 (nf_tables): Chain 'fail2ban-BadBots' does not exist"
2024-05-09 21:16:32,740 fail2ban.utils          [440]: ERROR   7f991a3af7b0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-05-09 21:16:32,740 fail2ban.utils          [440]: ERROR   7f991a3af7b0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,740 fail2ban.utils          [440]: ERROR   7f991a3af7b0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-05-09 21:16:32,740 fail2ban.utils          [440]: ERROR   7f991a3af7b0 -- returned 1
2024-05-09 21:16:32,740 fail2ban.actions        [440]: ERROR   Failed to stop jail 'apache-badbots' action 'iptables-multiport-BadBots': Error stopping action Jail('apache-badbots')/iptables-multiport-BadBots: 'Script error'
2024-05-09 21:24:27,345 fail2ban.utils          [441]: ERROR   7fdd06e9a080 -- exec: iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-sshd
2024-05-09 21:24:27,345 fail2ban.utils          [441]: ERROR   7fdd06e9a080 -- stderr: 'iptables v1.8.9 (nf_tables):  CHAIN_DEL failed (Device or resource busy): chain fail2ban-sshd'
ramarajan222 commented 1 month ago

Hi @Andsup ,

Are you facing this issue on the newly installed system (using the latest installation script )? if not build the new system using the latest installation script and check.

On the Newly installation system, fail2ban is working and is not able to reproduce the issue.

root@uc-42126347:~# fail2ban-client version 1.0.2 root@uc-42126347:~# iptables -V iptables v1.8.9 (nf_tables) root@uc-42126347:~# iptables -L INPUT Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-SIP all -- anywhere anywhere fail2ban-FTP tcp -- anywhere anywhere multiport dports ftp fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https fail2ban-api tcp -- anywhere anywhere multiport dports http,https fail2ban-openvpn udp -- anywhere anywhere multiport dports openvpn fail2ban-recidive all -- anywhere anywhere fail2ban-PBX-GUI all -- anywhere anywhere fail2ban-SSH tcp -- anywhere anywhere multiport dports ssh fail2ban-apache-auth all -- anywhere anywhere fail2ban-sng-deskapp tcp -- anywhere anywhere fpbxfirewall all -- anywhere anywhere root@uc-42126347:~# fwconsole ma list | grep firewall | firewall | 17.0.1.17 | Enabled | AGPLv3+ | Sangoma |

Andsup commented 1 month ago

yes full new installation with the latest script.

iptables -V ==> iptables v1.8.9 (nf_tables)

fwconsole ma list | grep firewall | firewall | 17.0.1.18 | Enabled | AGPLv3+ | Sangoma |

NB: direct iptables commands on ssh session are working fine.

iptables -L INPUT Chain INPUT (policy ACCEPT) target prot opt source destination
fail2ban-apache-auth all -- anywhere anywhere
fail2ban-recidive all -- anywhere anywhere
fail2ban-openvpn udp -- anywhere anywhere multiport dports openvpn fail2ban-api tcp -- anywhere anywhere multiport dports http,https fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https fail2ban-FTP tcp -- anywhere anywhere multiport dports ftp fail2ban-SSH tcp -- anywhere anywhere multiport dports ssh fail2ban-PBX-GUI all -- anywhere anywhere
fail2ban-SIP all -- anywhere anywhere
fail2ban-sshd tcp -- anywhere anywhere multiport dports ssh

How can I help you ?

Andsup commented 1 month ago

I forced a fail2ban reinstallation. To be confirmed but since then no erreur any more.

Andsup commented 1 month ago

I had also to modify logrotate config to avoid the compress option for fail2ban log.

Could be close.

Thanks for your support on this topic.

Andsup commented 1 month ago

Hi,

Again errors :

Command ['get', 'ignoreip'] has failed. Received IndexError('list index out...: 279 Time(s) Command ['set', 'addignoreip', '127.0.0.1'] has failed. Received Exception(...: 279 Time(s) Command ['set', 'addignoreip', '127.0.1.1'] has failed. Received Exception(...: 279 Time(s) Command ['set', 'addignoreip', '192.168.5.55'] has failed. Received Excepti...: 279 Time(s)

... 2024-05-26 15:50:10,501 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', 'xxxxxxxx'] has failed. Received Exception("Invalid command '57.129.5.195' (no set action or not yet implemented)") 2024-05-26 15:50:10,558 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.1.1'] has failed. Received Exception("Invalid command '127.0.1.1' (no set action or not yet implemented)") 2024-05-26 15:50:10,622 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.6.4'] has failed. Received Exception("Invalid command '192.168.6.4' (no set action or not yet implemented)") 2024-05-26 15:50:10,681 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.0.1'] has failed. Received Exception("Invalid command '127.0.0.1' (no set action or not yet implemented)") 2024-05-26 15:55:12,641 fail2ban.transmitter [847779]: ERROR Command ['get', 'ignoreip'] has failed. Received IndexError('list index out of range') 2024-05-26 15:55:12,697 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.5.55'] has failed. Received Exception("Invalid command '192.168.5.55' (no set action or not yet implemented)") 2024-05-26 15:55:12,751 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', 'xxxxx'] has failed. Received Exception("Invalid command '81.247.187.175' (no set action or not yet implemented)") 2024-05-26 15:55:12,808 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '57.129.5.195'] has failed. Received Exception("Invalid command '57.129.5.195' (no set action or not yet implemented)") 2024-05-26 15:55:12,869 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.1.1'] has failed. Received Exception("Invalid command '127.0.1.1' (no set action or not yet implemented)") 2024-05-26 15:55:12,932 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.6.4'] has failed. Received Exception("Invalid command '192.168.6.4' (no set action or not yet implemented)") 2024-05-26 15:55:12,987 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.0.1'] has failed. Received Exception("Invalid command '127.0.0.1' (no set action or not yet implemented)") 2024-05-26 16:00:33,629 fail2ban.transmitter [847779]: ERROR Command ['get', 'ignoreip'] has failed. Received IndexError('list index out of range') 2024-05-26 16:00:33,687 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.5.55'] has failed. Received Exception("Invalid command '192.168.5.55' (no set action or not yet implemented)") 2024-05-26 16:00:33,742 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', 'xxxxx'] has failed. Received Exception("Invalid command '81.247.187.175' (no set action or not yet implemented)") 2024-05-26 16:00:33,800 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '57.129.5.195'] has failed. Received Exception("Invalid command '57.129.5.195' (no set action or not yet implemented)") 2024-05-26 16:00:33,861 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.1.1'] has failed. Received Exception("Invalid command '127.0.1.1' (no set action or not yet implemented)") 2024-05-26 16:00:33,916 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.6.4'] has failed. Received Exception("Invalid command '192.168.6.4' (no set action or not yet implemented)") 2024-05-26 16:00:33,970 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.0.1'] has failed. Received Exception("Invalid command '127.0.0.1' (no set action or not yet implemented)") 2024-05-26 16:05:31,007 fail2ban.transmitter [847779]: ERROR Command ['get', 'ignoreip'] has failed. Received IndexError('list index out of range') 2024-05-26 16:05:31,062 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.5.55'] has failed. Received Exception("Invalid command '192.168.5.55' (no set action or not yet implemented)") 2024-05-26 16:05:31,117 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', 'xxxxx'] has failed. Received Exception("Invalid command '81.247.187.175' (no set action or not yet implemented)") 2024-05-26 16:05:31,171 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '57.129.5.195'] has failed. Received Exception("Invalid command '57.129.5.195' (no set action or not yet implemented)") 2024-05-26 16:05:31,247 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.1.1'] has failed. Received Exception("Invalid command '127.0.1.1' (no set action or not yet implemented)") 2024-05-26 16:05:31,302 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '192.168.6.4'] has failed. Received Exception("Invalid command '192.168.6.4' (no set action or not yet implemented)") 2024-05-26 16:05:31,359 fail2ban.transmitter [847779]: ERROR Command ['set', 'addignoreip', '127.0.0.1'] has failed. Received Exception("Invalid command '127.0.0.1' (no set action or not yet implemented)") 2024-05-26 16:10:51,880 fail2ban.server [847779]: INFO Shutdown in progress...

NB: target prot opt source destination
zone-trusted all -- 192.168.5.55 anywhere
zone-internal all -- 192.168.6.0/24 anywhere
zone-internal all -- 192.168.5.0/24 anywhere ....