Posted by Quasdunk, 14th November 2012, 20:02
Quote:
Originally Posted by falko
I think you can configure fail2ban to not use iptables.
I think fail2ban should actually be working fine.
As a workaround, I made the following changes in /etc/fail2ban/action.d/iptables-multiport.conf:

Quote:
[Definition]
actionstart =
#actionstart = iptables -N fail2ban-<name>
# iptables -A fail2ban-<name> -j RETURN
# iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>

actionstop =
#actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
# iptables -F fail2ban-<name>
# iptables -X fail2ban-<name>

actioncheck =
#actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>

actionban = php -f /etc/fail2ban/firewallapi.php add INPUT "<ip>" DROP
#actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP

actionunban = php -f /etc/fail2ban/firewallapi.php delete INPUT "<ip>" DROP
#actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
So basically, everything is commented out and the actionban and actionunban are handled by a PHP script which queries against the vServer API. These changes were recommended by my hosting provider.
After changing it as shown above, fail2ban was able to start again (I was getting a 300 error before). Here's what /var/log/fail2ban.log says:
Quote:
fail2ban.jail : INFO Creating new jail 'ssh'
fail2ban.filter : INFO Added logfile = /var/log/auth.log
...
fail2ban.jail : INFO Creating new jail 'pureftpd'
fail2ban.filter : INFO Added logfile = /var/log/syslog
...
fail2ban.jail : INFO Creating new jail 'dovecot-pop3imap'
fail2ban.filter : INFO Added logfile = /var/log/mail.log
...
fail2ban.jail : INFO Jail 'ssh' started
fail2ban.jail : INFO Jail 'pureftpd' started
fail2ban.jail : INFO Jail 'dovecot-pop3imap' started
So fail2ban seems to be running correctly, BUT: it doesn't seem to care about the filters, because nothing happens (and nothing is logged) even when I try to provoke a ban on purpose. And I suppose it has something to do with ISPConfig endlessly reporting that one error over and over again in /var/log/ispconfig/cron.log:
Quote:
iptables v1.4.12: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.4.12: can't initialize ip6tables table `filter': Permission denied (you must be root)
Perhaps ip6tables or your kernel needs to be upgraded.
But if fail2ban is running, what else could be causing that error?
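Added example, not code from the post or from the hosting provider: a POSIX sh wrapper that the actionban/actionunban lines above could call instead of invoking firewallapi.php directly. It checks the add/delete verb and the address fail2ban substitutes for <ip> before handing them to the API script, and exits non-zero on a bad argument so the failed ban shows up in fail2ban.log. The argument order of firewallapi.php is taken from the post; the wrapper path and the FIREWALL_API variable are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper for the fail2ban action above, e.g. in
# /etc/fail2ban/action.d/iptables-multiport.conf:
#   actionban   = /etc/fail2ban/ban.sh add "<ip>"
#   actionunban = /etc/fail2ban/ban.sh delete "<ip>"
# The API script path is assumed; override it with FIREWALL_API.
API_SCRIPT="${FIREWALL_API:-/etc/fail2ban/firewallapi.php}"

# is_ipv4 ADDR: exactly four dotted decimal octets, each 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
}

# is_ipv6 ADDR: basic check, hex digits and colons only, at most one "::",
# no hextet longer than four digits. Good enough to reject log garbage.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*|*:::*|*::*::*) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '[0-9A-Fa-f]{5}' && return 1
    return 0
}

# validate_ban_args VERB ADDR: VERB must be add or delete, ADDR a valid IP.
# Returns 0 when safe to forward to the API, 1 otherwise.
validate_ban_args() {
    [ "$#" -eq 2 ] || return 1
    case "$1" in add|delete) ;; *) return 1 ;; esac
    is_ipv4 "$2" || is_ipv6 "$2"
}

# Only act when invoked by fail2ban with the two expected arguments.
if [ "$#" -eq 2 ]; then
    validate_ban_args "$1" "$2" || { echo "refusing: $1 $2" >&2; exit 2; }
    # Same call shape as the actionban/actionunban lines in the post.
    php -f "$API_SCRIPT" "$1" INPUT "$2" DROP
fi
```

Because actioncheck is empty in the posted config, fail2ban cannot notice when the API call silently fails, so the non-zero exit on refusal is the only signal it gets.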