Fail2Ban does not ban, issues with iptables I guess
Re: Fail2Ban does not ban, issues with iptables I guess
SELinux is disabled on this machine. Asterisk does not run with SELinux.
Re: Fail2Ban does not ban, issues with iptables I guess
Nasty... So, what happens if you run the command yourself from a root prompt?
Code: Select all
firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.
Re: Fail2Ban does not ban, issues with iptables I guess
Here is what I get:
I wonder, maybe it's a problem due to the fact that the OS is shutting down?
Code: Select all
[root@localhost ~]# firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject
Warning: NOT_ENABLED
[root@localhost ~]#
Re: Fail2Ban does not ban, issues with iptables I guess
That's just a message saying the rule could not be found. At this point, double-check your configuration. Fail2Ban should create iptables rules in chain INPUT_direct; yours is trying to purge rules from chain INPUT and apparently cannot find them.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.
Re: Fail2Ban does not ban, issues with iptables I guess
OK. I got it running; however, there is something in the "reboot" process. First of all, the CentOS 7 base install does not have ipset enabled. So, all those commands look like they run, but there is no banning taking place.
After I run this, everything works properly.
Code: Select all
# Is IPsec enabled?
firewall-cmd --zone=public --query-service=ipsec
# No? Then enable it:
firewall-cmd --zone=public --add-service=ipsec
# and next reboot too:
firewall-cmd --permanent --zone=public --add-service=ipsec
When I do systemctl restart fail2ban, it also runs fine with no error or warning in the log.
It's when I do a reboot that I get those errors in fail2ban.log. I guess it's no big deal, but it just doesn't feel "right".
Also, I don't understand why not use the "rich rules" built into firewall-cmd?
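Two things go wrong in this thread: the ban rule is looked for in chain INPUT instead of INPUT_direct (the reply two posts up), and after a reboot the rule can reference an ipset that no longer exists, so nothing is blocked even though fail2ban logs no error. The script below is an added example, not code from the thread or from the Fail2Ban project: a small audit that takes the text of `iptables -S` and `ipset list -n` and reports (a) rules that match on an ipset which is not defined and (b) fail2ban rules that sit in a chain other than INPUT_direct. The two sample inputs are constructed for the example (the set names fail2ban-asterisk-udp and fail2ban-sshd-tcp are assumed); against a live box you would run it as root with the real command output, which is the one place root is actually needed here.

```shell
#!/bin/sh
# Added example, not from the thread: audit iptables rules for fail2ban ipset
# references. Functions take the text of `iptables -S` and `ipset list -n`.

# Constructed sample of `iptables -S`: one fail2ban rule wrongly placed in
# INPUT, two in INPUT_direct. Only fail2ban-sshd-tcp exists as an ipset, so
# the asterisk rule references a set that is gone (the post-reboot situation).
SAMPLE_RULES='-P INPUT ACCEPT
-N INPUT_direct
-A INPUT -j INPUT_direct
-A INPUT -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 22 -m set --match-set fail2ban-sshd-tcp src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p udp -m multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample of `ipset list -n` (one set name per line).
SAMPLE_SETS='fail2ban-sshd-tcp'

# Print "<chain> <setname>" for every rule that uses -m set --match-set.
match_set_rules() {
  printf '%s\n' "$1" | awk '/--match-set/ {
    for (i = 1; i <= NF; i++) if ($i == "--match-set") print $2, $(i + 1)
  }'
}

# Set names referenced by rules but absent from the ipset list: such a rule
# silently matches nothing, which is exactly "no banning taking place".
dangling_sets() {
  match_set_rules "$1" | awk '{ print $2 }' | sort -u | while read -r set; do
    printf '%s\n' "$2" | grep -qxF "$set" || echo "$set"
  done
}

# fail2ban rules that were created in a chain other than INPUT_direct, the
# chain fail2ban's firewalld-based actions populate via --direct.
misplaced_rules() {
  match_set_rules "$1" | awk '$2 ~ /^fail2ban-/ && $1 != "INPUT_direct" { print $1, $2 }'
}

# Human-readable report; returns 1 if anything looks wrong.
audit() {
  rc=0
  for s in $(dangling_sets "$1" "$2"); do
    echo "WARN: rule references ipset '$s' but no such set exists"
    rc=1
  done
  misplaced_rules "$1" | while read -r chain set; do
    echo "WARN: fail2ban set '$set' is matched in chain $chain, not INPUT_direct"
  done
  [ -z "$(misplaced_rules "$1")" ] || rc=1
  return $rc
}

# Run against the constructed samples (or, as root, against the live
# firewall with:  audit "$(iptables -S)" "$(ipset list -n)").
if [ "${1:-}" = "--sample" ]; then
  audit "$SAMPLE_RULES" "$SAMPLE_SETS" && echo "OK: no problems found"
fi
```

Run with `sh audit.sh --sample` to see the two warnings the constructed data was built to trigger. A clean live system should report nothing; a dangling set right after boot points at ipset/firewalld ordering rather than at fail2ban's own log, which is why restarting fail2ban alone "fixes" it.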
Re: Fail2Ban does not ban, issues with iptables I guess
The use of ipsec is peculiar to your network topology, I presume, while ipset is a fail2ban dependency. As for the other questions, they will need to be addressed to the fail2ban maintainers, I guess.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.