Open holckj opened 8 years ago
Do you still have that problem?
What happens when you run fail2ban-subnets.py manually?
Yes, I still have the problem:
$ cd /etc/cron.hourly
$ ./fail2ban-subnets.py
iptables: No chain/target/match by that name.
I haven't been able to reproduce that error.
Could you provide your iptables -L? (you can redact the IPs)
I got this error on a system running CentOS 6 / fail2ban-0.9.6-1.el6.1.noarch (SME Server 9.2).
My system did not seem to support the various ".local" folders and files in /etc/fail2ban.
I eliminated the error (but can't say if my configuration is now valid...) by moving the various configs and files to the main fail2ban sub-folders:
cd /etc/fail2ban
cp action.d.local/* action.d
cp filter.d.local/* filter.d
cat jail.local >> jail.conf
service fail2ban restart
I found I could also eliminate this error like this (changing the file extensions to ".local" instead of putting them into a ".local" subdirectory):
cp ~/addons/fail2ban-subnets/action.d.local/iptables-subnet.conf /etc/fail2ban/action.d/iptables-subnet.local
cp ~/addons/fail2ban-subnets/filter.d.local/subnets.conf /etc/fail2ban/filter.d/subnets.local
cat ~/addons/fail2ban-subnets/jail.local >> /etc/fail2ban/jail.local
service fail2ban restart
Thank you very much for sharing your fail2ban-subnets solution. I came to you via this issue conversation: https://github.com/fail2ban/fail2ban/issues/927
I also had an issue like @holckj and solved it by restarting fail2ban! Of course, the first time fail2ban-subnets.py runs, the jail has to get registered in iptables first.
Thanks for the feedback @chk- ! I forgot to add "restart fail2ban" to the Readme. That's a very good point!
I still have this error.
System is Ubuntu 20.04 LTS recently upgraded from 18.04 LTS. Lang: Spanish.
I have the following jails configured:
Jail list: apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-overflows, apache-shellshock, php-url-fopen, phpmyadmin-syslog, postfix, postfix-rbl, postfix-sasl, pure-ftpd, sieve, sshd
Tail of /etc/fail2ban/jail.local
[zoneminder]
# Zoneminder HTTP/HTTPS web interface auth
# Logs auth failures to apache2 error log
port = http,https
logpath = %(apache_error_log)s
# Keep this jail at the end, even after the recidive one
[subnets]
enabled = true
filter = subnets
action = iptables-subnet[name=%(__name__)s, logpath="%(logpath)s"]
logpath = /var/log/fail2ban-subnets.log
bantime = 15552000 ; 6 months
findtime = 7776000 ; 3 months as we don't repeat already banned IPs
maxretry = 1 ; once we have a line, we ban
Tail of /var/log/fail2ban-subnets.log
2020-07-01 19:17:01,601 fail2ban-subnets: WARNING subnet 185.143.73.0/24 has been banned 60 times with 6 ips
2020-07-01 19:20:01,125 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:25:01,461 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:30:01,117 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:35:01,232 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:40:01,647 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:45:01,966 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:50:01,464 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 19:55:01,402 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 20:00:01,917 fail2ban-subnets: INFO started with an analysis over 16 weeks
2020-07-01 20:05:01,174 fail2ban-subnets: INFO started with an analysis over 16 weeks
iptables -L output
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,submissions,submission,imap2,imaps,pop3,pop3s
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9980
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
REJECT all -- 46.38.150.72 anywhere reject-with icmp-port-unreachable
REJECT all -- 46.38.150.47 anywhere reject-with icmp-port-unreachable
REJECT all -- 46.38.150.132 anywhere reject-with icmp-port-unreachable
REJECT all -- cursors.madpast.com anywhere reject-with icmp-port-unreachable
REJECT all -- 37.49.224.173 anywhere reject-with icmp-port-unreachable
REJECT all -- 212.70.149.82 anywhere reject-with icmp-port-unreachable
REJECT all -- 212.70.149.66 anywhere reject-with icmp-port-unreachable
REJECT all -- 212.70.149.50 anywhere reject-with icmp-port-unreachable
REJECT all -- 212.70.149.2 anywhere reject-with icmp-port-unreachable
REJECT all -- 212.70.149.18 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.75.81 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.75.153 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.73.93 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.73.58 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.73.203 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.73.175 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.73.162 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.73.148 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.72.27 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.72.25 anywhere reject-with icmp-port-unreachable
REJECT all -- 185.143.72.16 anywhere reject-with icmp-port-unreachable
REJECT all -- 141.98.10.208 anywhere reject-with icmp-port-unreachable
REJECT all -- 141.98.10.192 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Manually running /etc/cron.hourly/fail2ban-subnets
root@mail:~# /etc/cron.hourly/fail2ban-subnets
iptables: No chain/target/match by that name.
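An added example, not part of any post in this thread and not code from the fail2ban-subnets project: it cross-checks the "Jail list:" line against the chains in an `iptables -L` listing to show whether a jail such as `subnets` is loaded and whether its chain exists. The sample data is constructed by trimming the output posted above, and the `f2b-` + jail name chain naming is an assumption based on the `f2b-postfix-sasl` chain shown in the thread.

```python
import re

# Constructed sample, trimmed from the output posted in this thread.
STATUS = "Jail list: apache-auth, postfix, postfix-sasl, sshd"
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp
Chain FORWARD (policy DROP)
target prot opt source destination
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
REJECT all -- 46.38.150.72 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
"""

def loaded_jails(status_text):
    """Jail names from the 'Jail list:' line of `fail2ban-client status`."""
    m = re.search(r"Jail list:\s*(.*)", status_text)
    return {j.strip() for j in m.group(1).split(",") if j.strip()} if m else set()

def iptables_chains(listing):
    """Map chain name -> number of rules, parsed from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = header.group(1)
            chains[current] = 0
        elif current and line.strip() and not line.startswith("target "):
            chains[current] += 1
    return chains

def diagnose(jail, status_text, listing, prefix="f2b-"):
    """Report whether a jail is loaded and whether its chain exists.

    Assumption: the action names its chain prefix + jail name, as the
    f2b-postfix-sasl chain in the thread does.
    """
    return {
        "jail_loaded": jail in loaded_jails(status_text),
        "chain_present": prefix + jail in iptables_chains(listing),
    }

if __name__ == "__main__":
    for name in ("postfix-sasl", "sshd", "subnets"):
        print(name, diagnose(name, STATUS, LISTING))
```

On the sample, `sshd` is loaded but has no chain in the listing, while `subnets` is neither loaded nor present as a chain, so the two results separate a jail that never started from one that simply has no chain yet.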
This looks like a very valuable script. I have installed it according to the recommendations, but now hourly receive this message: