Comment added to BZ which was supposed to be "fixed"...
For some reason fail2ban is not creating the ipset set... I ran fail2ban manually with DEBUG log level and I can see where it sets everything up, says it's OK, but I never see it call ipset to create the set so firewalld obviously complains about not being able to find it because fail2ban DOES create the rule (from DEBUG output:
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
Ok, I just tried running:
fail2ban-server -xf --loglevel 5 --logtarget STDOUT | grep ipset
And this time it DID create the ipset...
New theory... fail2ban only creates the set if it has an ip to add to it?
Spent too much time on this today.
Thanks,
Richard
Thanks,
Richard
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
