Fail2ban.actions.action error iptables

Failed to execute ban jail 'ssh-ddos' action 'iptables-multiport' #3212

PROBLEMS

  1. sftp breaks config
  2. stderr: 'iptables: Too many links.'

Since upgrading to Ubuntu 20.04 from 18.04 (2 days ago) my fail2ban is broken quite a bit.
I had ZERO errors in my log, now I have loads. It happens most prominently with ssh-ddos jail as seen below.

I can see the effects of the problems reflected in my iptables. My iptables are filling up with hundreds of lines like this, where instead of an IP address I get a RETURN:

I can see that I have to remove sftp from the list of ports in my ssh-ddos section of jail.local, because it is now legacy (iptables v1.8.4 (legacy)). I will try to do this before posting.

UPDATE:
I was going out of my mind debugging this issue, when I then proceeded to remove sftp from the ports list.
After restarting fail2ban all seems almost back to normal again.
I get these errors when stopping the service.
Bear in mind that I am under attack at the moment and I have
64268 IPs in a hash:ip,
739 rules in chain f2b-ssh-ddos and
27 rules in chain f2b-recidive;
all others are empty.

Eventually they all stop though.

Error using fail2ban

Sun Aug 14, 2016 6:11 pm

Hi,

Just installed Fail2Ban on RPIB+. During installation I didn't have any kind of error, but IP numbers ain't banned after a few unaccepted logins.

The error(s) I can find (in /var/log/fail2ban.log) is:

2016-08-14 18:34:30,684 fail2ban.filter [666]: ERROR Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'
2016-08-14 18:34:30,752 fail2ban.filter [666]: ERROR Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'
2016-08-14 19:42:54,991 fail2ban.server [666]: INFO Stopping all jails
2016-08-14 19:42:55,107 fail2ban.actions.action[666]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
iptables -F fail2ban-SSH
iptables -X fail2ban-SSH returned 100
2016-08-14 19:42:55,110 fail2ban.jail [666]: INFO Jail 'ssh' stopped
2016-08-14 19:42:56,109 fail2ban.jail [666]: INFO Jail 'ssh-ddos' stopped
2016-08-14 19:42:56,127 fail2ban.server [666]: INFO Exiting Fail2ban

Google gives hints, but doesn't help me solve the problem ...

2012-01-12 17:01:48,215 fail2ban.actions.action: ERROR iptables -D INPUT -m state --state NEW -p tcp --dport http,https -j fail2ban-apache-overflows
iptables -F fail2ban-apache-overflows
iptables -X fail2ban-apache-overflows returned 100
2012-01-12 17:01:48,215 fail2ban.jail : INFO Jail 'apache-overflows' stopped
2012-01-12 17:01:48,747 fail2ban.actions.action: ERROR iptables -D INPUT -m state --state NEW -p tcp --dport http,https -j fail2ban-apache
iptables -F fail2ban-apache
iptables -X fail2ban-apache returned 100
2012-01-12 17:01:49,151 fail2ban.jail : INFO Jail 'apache' stopped
2012-01-12 17:01:49,967 fail2ban.actions.action: ERROR iptables -D INPUT -m state --state NEW -p tcp --dport ssh -j fail2ban-ssh-ddos
iptables -F fail2ban-ssh-ddos
iptables -X fail2ban-ssh-ddos returned 100
2012-01-12 17:01:49,967 fail2ban.jail : INFO Jail 'ssh-ddos' stopped
2012-01-12 17:01:50,167 fail2ban.actions.action: ERROR iptables -D INPUT -m state --state NEW -p tcp --dport ssh -j fail2ban-ssh
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh returned 100

Bug#860896: fail2ban: iptables returned 100

Hello,

On 11/05/2017 at 03:44, Yaroslav Halchenko wrote:
try to stop fail2ban, cleanse all the fail2ban entries from the firewall and try to start it again -- if it fails to start then -- provide full log file for that run not just an excerpt

I already tried that several times.

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Here are the full logs I get when I start fail2ban after that:

2017-05-11 10:16:32,533 fail2ban.server [13737]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2017-05-11 10:16:32,538 fail2ban.jail [13737]: INFO Creating new jail 'ssh'
2017-05-11 10:16:32,543 fail2ban.jail [13737]: INFO Jail 'ssh' uses poller
2017-05-11 10:16:32,712 fail2ban.jail [13737]: INFO Initiated 'polling' backend
2017-05-11 10:16:32,721 fail2ban.filter [13737]: INFO Added logfile = /var/log/auth.log
2017-05-11 10:16:32,726 fail2ban.filter [13737]: INFO Set maxRetry = 6
2017-05-11 10:16:32,737 fail2ban.filter [13737]: INFO Set findtime = 600
2017-05-11 10:16:32,742 fail2ban.actions[13737]: INFO Set banTime = 600
2017-05-11 10:16:33,114 fail2ban.jail [13737]: INFO Jail 'ssh' started
2017-05-11 10:16:33,224 fail2ban.actions.action[13737]: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100

And here is my iptables after that:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

2017-05-11 08:51:53,412 fail2ban.actions[2277]: WARNING [ssh] Ban 217.197.240.117
2017-05-11 08:51:53,430 fail2ban.actions.action[2277]: ERROR iptables -n -L INPUT

UPDATE:

Running on Ubuntu 14.04 Server.

So I have fail2ban correctly configured to process for SSH login attempts.

Upon 3 failed attempts I see this in the fail2ban log:

shows this chain:

Yet from that IP I can still login via SSH without any issues.

The same story applies for all my fail2ban jails. Apache for example, I can see fail2ban correctly detect the log and claim it bans an IP. The IP ends up in an iptables chain but the IP is not actually being REJECTED.

I have a feeling that in these cases it is because SSH is not on the standard port. It is on a different port.

So if I force the ssh jail rule to use the new port:

Then I see this error:

If I leave it as

Then it gets into iptables properly but the chain is not working to traffic (as mentioned above).

If I change:

To:

Then it appears to work. What are the repercussions of this change?

It appears that banning an IP because of SSH with this banned EVERY port for that IP. Purposefully got banned due to repeated ssh login fails. Also got banned on every other service.

What are fail2ban's log iptables "returned NNN" entries? (Fail2ban is failing to ban)

In my there are some entries the meaning of which I don't understand (and haven't found searching around). I have several "jails", and I have created one particular one that bans IPs when they try to connect to web server searching for scripts, I guess. These are some entries from a given IP (sorry about the long log):

To prevent this, I have set up a custom jail in :

And this is /

(same as the default filter)

Fail2ban does ban some IPs when they work against some filters, but not against my custom one. Some lines from :

As you can see, something fails when trying to ban an attack against my custom filter (so such attacks are detected, but not correctly banned, I don't know why)

So my questions would be:

  • Are those errors a problem or an one?
  • What do those errors mean, and how can they be avoided?
  • What am I doing wrong, or how could I correct this behaviour?

EDIT:

Maybe this is useful to answer the question (or not), but shows no trace of while other jails are present:

Does this give any further clue?

grep -q 'fail2ban-ssh[ \t]' returned 100
2017-05-11 08:51:53,431 fail2ban.actions.action[2277]: ERROR Invariant check failed. Trying to restore a sane environment
2017-05-11 08:51:53,504 fail2ban.actions.action[2277]: ERROR iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100
Regards,

fail2ban.actions.action: ERROR, returned 200. #1064

On 06/04/2015 04:02 PM, Daniel Hansson wrote:

I've been googling this issue for a while now and I'm sure there is a simple answer but I can't find it.

It would be helpful to get some additional information (version of Fail2ban, system/platform, relevant fail2ban configs (your jail(s), custom fail2ban.local, jail.local, etc)).

Get this in my fail2banlog.log:

2015-06-03 23:03:37,286 fail2ban.actions.action: ERROR ipset --create fail2ban-ssh-iptables-ipset4 iphash
iptables -I INPUT -p tcp -m multiport --dports ssh -m set --match-set fail2ban-ssh-iptables-ipset4 src -j REJECT --reject-with icmp-port-unreachable returne$
2015-06-03 23:03:37,288 fail2ban.actions.action: ERROR ipset create fail2ban-ssh-iptables-ipset6 hash:ip timeout 600
iptables -I INPUT -p tcp -m multiport --dports ssh -m set --match-set fail2ban-ssh-iptables-ipset6 src -j REJECT --reject-with icmp-port-unreachable returne$
2015-06-04 02:23:08,490 fail2ban.actions.action: ERROR ipset --create fail2ban-ssh-iptables-ipset4 iphash
iptables -I INPUT -p tcp -m multiport --dports ssh -m set --match-set fail2ban-ssh-iptables-ipset4 src -j REJECT --reject-with icmp-port-unreachable returne$
2015-06-04 02:23:08,505 fail2ban.actions.action: ERROR ipset create fail2ban-ssh-iptables-ipset6 hash:ip timeout 600
iptables -I INPUT -p tcp -m multiport --dports ssh -m set --match-set fail2ban-ssh-iptables-ipset6 src -j REJECT --reject-with icmp-port-unreachable returne$

Can you run and provide the output?
