problem with fail2ban and firewall

[zaca]

Hello to evrybody

I havee one VPS . OS on that mashine is Centos 7(CentOS Linux release 7.3.1611 (Core)).

My problem is that I could not manage to adjust fail2ban and firewall. I copy jail.conf to jail.local and I made some changes:

[sshd]
enabled = true
banaction = firewallcmd-ipset
action = %(action_mw)s

If someone can help me with this?

This is some outputs:
sudo fail2ban-client status sshd

Status for the jail: sshd
|- Filter
| |- Currently failed: 1
| |- Total failed: 7
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 1
`- Banned IP list:

systemctl status firewalld -l
* firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2017-01-26 13:15:10 UTC; 1h 30min ago
Docs: man:firewalld(1)
Main PID: 655 (firewalld)
CGroup: /system.slice/firewalld.service
`-655 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jan 26 13:15:12 28058.s.t4vps.eu firewalld[655]: WARNING: '/usr/sbin/iptables-restore -n' failed:
Jan 26 13:15:12 28058.s.t4vps.eu firewalld[655]: ERROR: COMMAND_FAILED
Jan 26 13:15:12 28058.s.t4vps.eu firewalld[655]: WARNING: '/usr/sbin/iptables-restore -n' failed:
Jan 26 13:15:12 28058.s.t4vps.eu firewalld[655]: ERROR: COMMAND_FAILED
Jan 26 13:30:22 28058.s.t4vps.eu firewalld[655]: ERROR: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', '22', '-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
Jan 26 13:30:24 28058.s.t4vps.eu firewalld[655]: ERROR: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', '0:65535', '-m', 'set', '--match-set', 'fail2ban-sendmail', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT'
Jan 26 13:30:25 28058.s.t4vps.eu firewalld[655]: WARNING: '/usr/sbin/iptables-restore -n' failed:
Jan 26 13:30:25 28058.s.t4vps.eu firewalld[655]: ERROR: COMMAND_FAILED
Jan 26 13:30:25 28058.s.t4vps.eu firewalld[655]: WARNING: '/usr/sbin/iptables-restore -n' failed:
Jan 26 13:30:25 28058.s.t4vps.eu firewalld[655]: ERROR: COMMAND_FAILED


firewall-cmd --state
not running


more /var/log/firewalld

2017-01-26 13:15:08 ERROR: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', '22', '-m',
'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')
' is not in 'ipv4:filter:INPUT'
2017-01-26 13:15:10 ERROR: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', '0:65535', '-
m', 'set', '--match-set', 'fail2ban-sendmail', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreac
hable')' is not in 'ipv4:filter:INPUT'
2017-01-26 13:15:11 WARNING: ipset not usable, disabling ipset usage in firewall.
2017-01-26 13:15:11 WARNING: ip6tables not usable, disabling IPv6 firewall.
2017-01-26 13:15:11 WARNING: ebtables not usable, disabling ethernet bridge firewall.
2017-01-26 13:15:11 ERROR: COMMAND_FAILED
2017-01-26 13:15:12 WARNING: '/usr/sbin/iptables-restore -n' failed:
2017-01-26 13:15:12 ERROR: COMMAND_FAILED
2017-01-26 13:15:12 WARNING: '/usr/sbin/iptables-restore -n' failed:
2017-01-26 13:15:12 ERROR: COMMAND_FAILED

[TrevorH]

What is the output from uname -a ?

[zaca]

Linux 28058 2.6.32-042stab120.6 #1 SMP Thu Oct 27 16:59:03 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux

[TrevorH]

There's the source of your problems - that is not CentOS, it's an openvz container and many things are controlled by the host and cannot be done from the container. You need to talk to your hoster.

[zaca]

thanks
I will do that