Re: fail2ban ban not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 4/7/20 11:54 AM, Gary Stainburn wrote:
I have fail2ban on my mail server monitoring Dovecot and Exim.

I have noticed that it has stopped banning IP's.  I have seen in /var/log/fail2ban.log:

2020-04-07 09:42:05,875 fail2ban.filter         [16138]: INFO    [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05
2020-04-07 09:42:06,408 fail2ban.actions        [16138]: NOTICE  [dovecot] Ban 77.40.61.224
2020-04-07 09:42:06,981 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- exec: ipset create f2b-dovecot hash:ip timeout 3600000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports 0:65535 -m set --match-set f2b-dovecot src -j REJECT --reject-with icmp-port-unreachable
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- stderr: "ipset v7.1: Syntax error: '3600000' is out of range 0-2147483"
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Set f2b-dovecot doesn't exist."
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- stderr: ''
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- stderr: 'Error occurred at line: 2'
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- stderr: ''
2020-04-07 09:42:06,982 fail2ban.utils          [16138]: ERROR   7ff736d6f930 -- returned 13

In /var/log/firewalld I got

2020-04-07 09:42:06 ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Set f2b-dovecot doesn't exist.

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Looking back at my logs, this has been going on some time. Any advice on fixing this would be appreciated
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

"ipset v7.1: Syntax error: '3600000' is out of range 0-2147483"
This is the problem. You could try to reduce the 'ban' time (for whatever rules you have for dovecot) so that it would be in that interval and restart fail2ban service.

--
Marius

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux