action.d/Blacklist.conf cannot create new chain in IpTables

mitchellkrogza / Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning

A customised jail with action and filter file for Fail2Ban. This jail is based on the recidive jail but makes use of a simple text file to enable extended and permanent bans.

150 stars 38 forks source link

action.d/Blacklist.conf cannot create new chain in IpTables #4

Open ghanavat opened 6 years ago

ghanavat commented 6 years ago

Hi,

Thanks for sharing this.

I am having issue with iptables. The new chain for 'blacklist' won't get created. I cannot find any detail error message. There is only a very vague one in Fail2Ban.log file:

fail2ban.actions.action[24130]: ERROR iptables -N fail2ban- ...

I know there is not enough here, but that's all I got. I have changed the loglevel to 4, but got some useless information in fail2ban.log file.

Please can you advise?

Kind regards, Saeed

ghanavat commented 6 years ago

Is this hub active?

mitchellkrogza commented 6 years ago

Hi @ghanavat yes it is, my apologies I have been so tied down with other projects.

Please can you post your jail.local config

ghanavat commented 6 years ago

Hi there, thanks for getting back to me. Below is the my jail.local. Only the block for the blacklist:

[blacklist] enabled = true logpath = /var/log/fail2ban.* filter = blacklist action = blacklist bantime = 63072000 findtime = 63072000 maxretry = 3

And this is the error I get in fail2ban.log:

2018-01-31 00:18:18,220 fail2ban.actions.action[21073]: ERROR iptables -N fail2ban- iptables -A fail2ban- -j iptables -I -p -j fail2ban- sort -u /etc/fail2ban/ip.blacklist -o /etc/fail2ban/ip.blacklist cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban- 1 -s $IP -j DROP; done returned 200

mitchellkrogza commented 6 years ago

@ghanavat just a quick question have you tested the commands sort and cat from the command line to make sure they exist?

ghanavat commented 6 years ago

Hi, yes I have tested with both commands. Both files are there. I thought the problem might be the permission, so I have added 'sudo', still no luck. Please advise.

mitchellkrogza commented 6 years ago

Thanks for the feedback @ghanavat was worth checking that to rule them out.

When you copied the action and filter files from the repo did you make sure you copied the raw versions? Did you pull them using wget?

Also can you please check the permissions on the action and filter files on your local machine to see that they are the same as all other actions and filters in the same folders.

ghanavat commented 6 years ago

Hello, yes I have followed the instruction carefully, and copied the file using wget.

I will check the permission of the files again. Will let you know.

ghanavat commented 6 years ago

Hi again, Permission for action.d/blacklist.conf: -rw-r--r-- 1 root root 2946

Permission for filter.d/blacklist.conf: -rw-r--r-- 1 root root 2076

Thanks, Saeed

jd4u commented 4 years ago

in your jail config, change "action=blacklist" to "banaction=blacklist". The error of fail2ban.actions.action will disappear.