Re: fail2ban + firewalld suggestions needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok using Jonathan's suggestion for the settings from a clean install I'm getting an error whether I use the systemd backend or not...

2014-03-19 22:06:57,956 fail2ban.server.server[12698]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.0
2014-03-19 22:06:57,961 fail2ban.server.database[12698]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2014-03-19 22:06:58,072 fail2ban.server.jail[12698]: INFO    Creating new jail 'sshd'
2014-03-19 22:06:58,134 fail2ban.server.jail[12698]: INFO    Jail 'sshd' uses pyinotify
2014-03-19 22:06:58,175 fail2ban.server.filter[12698]: INFO    Set jail log file encoding to UTF-8
2014-03-19 22:06:58,194 fail2ban.server.jail[12698]: INFO    Initiated 'pyinotify' backend
2014-03-19 22:06:58,463 fail2ban.server.filter[12698]: INFO    Added logfile = /var/log/secure
2014-03-19 22:06:58,558 fail2ban.server.filter[12698]: INFO    Set maxRetry = 5
2014-03-19 22:06:58,560 fail2ban.server.filter[12698]: INFO    Set jail log file encoding to UTF-8
2014-03-19 22:06:58,561 fail2ban.server.actions[12698]: INFO    Set banTime = 3600
2014-03-19 22:06:58,564 fail2ban.server.filter[12698]: INFO    Set findtime = 600
2014-03-19 22:06:58,566 fail2ban.server.filter[12698]: INFO    Set maxlines = 10
2014-03-19 22:06:58,658 fail2ban.server.server[12698]: INFO    Jail sshd is not a JournalFilter instance
2014-03-19 22:06:58,671 fail2ban.server.jail[12698]: INFO    Jail 'sshd' started
2014-03-19 22:06:58,981 fail2ban.server.action[12698]: ERROR   ipset create fail2ban-sshd hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: "\x1b[91mError: COMMAND_FAILED: '/sbin/iptables -t filter -I INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables v1.4.19.1: Set fail2ban-sshd doesn't exist.\n\nTry `iptables -h' or 'iptables --help' for more information.\x1b[00m\n"
2014-03-19 22:06:58,981 fail2ban.server.action[12698]: ERROR   ipset create fail2ban-sshd hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stderr: '/bin/sh: ipset: command not found\n'
2014-03-19 22:06:58,981 fail2ban.server.action[12698]: ERROR   ipset create fail2ban-sshd hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- returned 13
2014-03-19 22:06:58,981 fail2ban.server.actions[12698]: ERROR   Failed to start jail 'sshd' action 'firewallcmd-ipset': Error starting action

What am I doing wrong?

Thanks,
Richard
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux