On Thu, Mar 20, 2014 at 8:54 AM, Jonathan Underwood <jonathan.underwood@xxxxxxxxx> wrote:
Installing ipset should be sufficient to start the fail2ban service.On 20 March 2014 13:04, Richard Shaw <hobbes1069@xxxxxxxxx> wrote:
> On Wed, Mar 19, 2014 at 10:57 PM, Orion Poplawski <orion@xxxxxxxxxxxxx>
> wrote:
>>
>> On 03/19/2014 09:10 PM, Richard Shaw wrote:
>> > Ok using Jonathan's suggestion for the settings from a clean install I'm
>> > getting an error whether I use the systemd backend or not...
>> >
>> >[12698]: ERROR ipset
>> > create fail2ban-sshd hash:ip timeout 600
>> > firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport
>> > --dports ssh -m set --match-set fail2ban-sshd src -j REJECT
>> > --reject-with icmp-port-unreachable -- stderr: '/bin/sh: ipset: command
>> > not found\n'
>> ^^^^^^^^
>>
>> Currently we're missing a requires on ipset.
>
>
>
> Ok, is installing ipset sufficient or do I need to enable the service as
> well?
But, you'll need to have selinux-policy-3.12.1-135 or later installed,
otherwise you'll hit this:
https://bugzilla.redhat.com/show_bug.cgi?id=1069640
Thanks, that indeed seem to be enough. I'm seeing banned IPs not in the log, I have to assume that they're being banned successfully though...
Thanks,
Richard
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct