XaF / fail2ban-subnets

fail2ban-subnets aims to provide a way to ban subnets of IPs repeatedly banned by fail2ban for multiple offenses.

Error message from iptables: No chain/target/match by that name #2

Open holckj opened 8 years ago

holckj commented 8 years ago

This looks like a very valuable script. I have installed it according to the recommendations, but now hourly receive this message:

/etc/cron.hourly/fail2ban-subnets.py: iptables: No chain/target/match by that name.

XaF commented 7 years ago

Do you still have that problem? What happens when you run fail2ban-subnets.py manually?

holckj commented 7 years ago

Yes, I still have the problem:

$ cd /etc/cron.hourly
$ ./fail2ban-subnets.py
iptables: No chain/target/match by that name.

XaF commented 7 years ago

I haven't been able to reproduce that error. Could you provide your iptables -L? (You can redact the IPs.)

mmccarn commented 6 years ago

I got this error on a system running CentOS 6 / fail2ban-0.9.6-1.el6.1.noarch (SME Server 9.2).

My system did not seem to support the various ".local" folders and files in /etc/fail2ban.

I eliminated the error (but can't say if my configuration is now valid...) by moving the various configs and files to the main fail2ban sub-folders:

cd /etc/fail2ban
cp action.d.local/* action.d
cp filter.d.local/* filter.d
cat jail.local >> jail.conf
service fail2ban restart

I found I could also eliminate this error like this (changing the file extensions to ".local" instead of putting them into a ".local" subdirectory):

cp ~/addons/fail2ban-subnets/action.d.local/iptables-subnet.conf /etc/fail2ban/action.d/iptables-subnet.local
cp ~/addons/fail2ban-subnets/filter.d.local/subnets.conf /etc/fail2ban/filter.d/subnets.local
cat ~/addons/fail2ban-subnets/jail.local >> /etc/fail2ban/jail.local
service fail2ban restart

chk- commented 6 years ago

Thank you very much for sharing your fail2ban-subnets solution. I found you through this issue conversation: https://github.com/fail2ban/fail2ban/issues/927

I also had an issue like @holckj and solved it by restarting fail2ban! Of course, the first time fail2ban-subnets.py runs, the jail has to get registered in iptables first.

XaF commented 6 years ago

Thanks for the feedback @chk-! I forgot to add "restart fail2ban" to the Readme. That's a very good point!

tonikasch commented 4 years ago

I still have this error.

System is Ubuntu 20.04 LTS recently upgraded from 18.04 LTS. Lang: Spanish.

I have the following jails configured:

Jail list:  apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-overflows, apache-shellshock, php-url-fopen, phpmyadmin-syslog, postfix, postfix-rbl, postfix-sasl, pure-ftpd, sieve, sshd

Tail of /etc/fail2ban/jail.local

[zoneminder]
# Zoneminder HTTP/HTTPS web interface auth
# Logs auth failures to apache2 error log
port    = http,https
logpath = %(apache_error_log)s

# Keep this jail at the end, even after the recidive one
[subnets]
enabled  = true
filter   = subnets
action   = iptables-subnet[name=%(__name__)s, logpath="%(logpath)s"]
logpath  = /var/log/fail2ban-subnets.log
bantime  = 15552000 ; 6 months
findtime = 7776000 ; 3 months as we don't repeat already banned IPs
maxretry = 1 ; once we have a line, we ban

Tail of /var/log/fail2ban-subnets.log

2020-07-01 19:17:01,601 fail2ban-subnets: WARNING subnet 185.143.73.0/24 has been banned 60 times with 6 ips
2020-07-01 19:20:01,125 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:25:01,461 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:30:01,117 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:35:01,232 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:40:01,647 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:45:01,966 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:50:01,464 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:55:01,402 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 20:00:01,917 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 20:05:01,174 fail2ban-subnets: INFO started with an analysis over 16 weeks

iptables -L output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-postfix-sasl  tcp  --  anywhere             anywhere             multiport dports smtp,submissions,submission,imap2,imaps,pop3,pop3s

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9980

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination         
REJECT     all  --  46.38.150.72         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  46.38.150.47         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  46.38.150.132        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  cursors.madpast.com  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  37.49.224.173        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  212.70.149.82        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  212.70.149.66        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  212.70.149.50        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  212.70.149.2         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  212.70.149.18        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.75.81        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.75.153       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.73.93        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.73.58        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.73.203       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.73.175       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.73.162       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.73.148       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.72.27        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.72.25        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.143.72.16        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  141.98.10.208        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  141.98.10.192        anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere      

Manually running /etc/cron.hourly/fail2ban-subnets

root@mail:~# /etc/cron.hourly/fail2ban-subnets 
iptables: No chain/target/match by that name.
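
A diagnostic for the situation in the last report, as an added example that is not part of the thread or of the fail2ban-subnets project: it reads `fail2ban-client status` and `iptables -L` output and reports whether the `subnets` jail is loaded and whether its chain exists (the jail list and `iptables -L` listing posted above contain neither). The sample text is constructed, abridged from the outputs quoted above, and the `f2b-<jail>` chain name for the iptables-subnet action is an assumption based on the `f2b-postfix-sasl` chain in that listing.

```python
import re

# Constructed samples, abridged from the outputs quoted in this thread.
SAMPLE_STATUS = """Status
|- Number of jail:\t3
`- Jail list:\tpostfix-sasl, pure-ftpd, sshd
"""

SAMPLE_IPTABLES = """Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-postfix-sasl  tcp  --  anywhere             anywhere             multiport dports smtp

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""


def parse_jails(status_text):
    """Return the jail names listed in `fail2ban-client status` output."""
    m = re.search(r"Jail list:\s*(.*)", status_text)
    if not m:
        return []
    return [j.strip() for j in m.group(1).split(",") if j.strip()]


def parse_chains(iptables_text):
    """Return the set of chain names found in `iptables -L` output."""
    return set(re.findall(r"^Chain (\S+) \(", iptables_text, re.MULTILINE))


def diagnose(status_text, iptables_text, jail="subnets", prefix="f2b-"):
    """List the reasons an iptables rule insert for `jail` would fail.

    Assumption: the action names its chain prefix + jail name, as the
    f2b-postfix-sasl chain does for the postfix-sasl jail.
    """
    findings = []
    if jail not in parse_jails(status_text):
        findings.append("jail '%s' is not loaded; check jail.local and restart fail2ban" % jail)
    chain = prefix + jail
    if chain not in parse_chains(iptables_text):
        findings.append("chain '%s' does not exist; iptables cannot add rules to it" % chain)
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_STATUS, SAMPLE_IPTABLES) or ["ok"]:
        print(line)
```

On a live host, feed the functions the real output of `fail2ban-client status` and `iptables -L -n` instead of the samples.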