Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning

action.d/Blacklist.conf cannot create new chain in IpTables

Open ghanavat opened this issue 7 years ago • 9 comments

Hi,

Thanks for sharing this.

I am having an issue with iptables. The new chain for 'blacklist' won't get created. I cannot find any detailed error message. There is only a very vague one in the Fail2Ban.log file:

fail2ban.actions.action[24130]: ERROR iptables -N fail2ban- ...

I know there is not enough here, but that's all I got. I have changed the loglevel to 4, but got some useless information in fail2ban.log file.

Please can you advise?

Kind regards, Saeed

ghanavat, Jan 21 '18 00:01

Is this hub active?

ghanavat, Jan 30 '18 23:01

Hi @ghanavat, yes it is. My apologies, I have been so tied down with other projects.

Please can you post your jail.local config?

mitchellkrogza, Jan 31 '18 07:01

Hi there, thanks for getting back to me. Below is my jail.local. Only the block for the blacklist:

    [blacklist]
    enabled = true
    logpath = /var/log/fail2ban.*
    filter = blacklist
    action = blacklist
    bantime = 63072000
    findtime = 63072000
    maxretry = 3

And this is the error I get in fail2ban.log:

    2018-01-31 00:18:18,220 fail2ban.actions.action[21073]: ERROR iptables -N fail2ban-
    iptables -A fail2ban- -j
    iptables -I -p -j fail2ban-
    sort -u /etc/fail2ban/ip.blacklist -o /etc/fail2ban/ip.blacklist
    cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban- 1 -s $IP -j DROP; done returned 200

ghanavat, Jan 31 '18 20:01

@ghanavat just a quick question: have you tested the commands sort and cat from the command line to make sure they exist?

mitchellkrogza, Feb 01 '18 07:02

Hi, yes I have tested with both commands. Both files are there. I thought the problem might be the permission, so I have added 'sudo', still no luck. Please advise.

ghanavat, Feb 01 '18 22:02

Thanks for the feedback @ghanavat, it was worth checking that to rule them out.

When you copied the action and filter files from the repo did you make sure you copied the raw versions? Did you pull them using wget?

Also can you please check the permissions on the action and filter files on your local machine to see that they are the same as all other actions and filters in the same folders.

mitchellkrogza, Feb 02 '18 07:02

Hello, yes I have followed the instructions carefully, and copied the file using wget.

I will check the permission of the files again. Will let you know.

ghanavat, Feb 02 '18 15:02

Hi again, Permission for action.d/blacklist.conf: -rw-r--r-- 1 root root 2946

Permission for filter.d/blacklist.conf: -rw-r--r-- 1 root root 2076

Thanks, Saeed

ghanavat, Feb 02 '18 16:02

In your jail config, change "action=blacklist" to "banaction=blacklist". The error of fail2ban.actions.action will disappear.

jd4u, Jul 26 '20 03:07
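
As an added example (not part of the thread or the project's own code): a small Python check for the pattern in the jail.local posted above, a jail whose `action` is a bare action name with no bracketed parameters, which the last comment resolves by switching to `banaction`. The function name `find_bare_actions` and the second sample jail are constructed for illustration.

```python
import configparser
import re

# Constructed sample: the [blacklist] jail as posted in the thread, plus a
# hypothetical corrected jail that uses banaction as the last comment suggests.
SAMPLE_JAIL_LOCAL = """
[blacklist]
enabled = true
logpath = /var/log/fail2ban.*
filter = blacklist
action = blacklist
bantime = 63072000
findtime = 63072000
maxretry = 3

[blacklist-fixed]
enabled = true
filter = blacklist
banaction = blacklist
"""

# Assumption (fail2ban behaviour, not stated on the page): an entry such as
# "blacklist[name=x]" passes parameters to the action, while a bare "blacklist"
# passes none, so tags like <name> depend on the action file's own defaults.
BARE_ACTION = re.compile(r"^[\w.-]+$")


def find_bare_actions(text):
    """Return (jail, action) pairs where `action` has no [..] parameters."""
    cfg = configparser.RawConfigParser()  # raw: jail files contain %(var)s
    cfg.read_string(text)
    findings = []
    for jail in cfg.sections():
        if not cfg.has_option(jail, "action"):
            continue
        # `action` may list several actions, one per continuation line
        for entry in cfg.get(jail, "action").splitlines():
            entry = entry.strip()
            if entry and BARE_ACTION.match(entry):
                findings.append((jail, entry))
    return findings


if __name__ == "__main__":
    for jail, action in find_bare_actions(SAMPLE_JAIL_LOCAL):
        print(f"[{jail}] action = {action}: no parameters passed; "
              f"consider 'banaction = {action}' instead")
```
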