Tell ISPConfig to stop trying to initialize iptables

Discussion in 'Installation/Configuration' started by Quasdunk, Nov 14, 2012.

  1. Quasdunk

    Quasdunk New Member

    I've installed ISPConfig 3 on a vServer on which I'm not able to use iptables.

    I believe I was able to get fail2ban running via a php-scrip accessing the server's web-interface and adding/deleting the firewall-rules there (the script is working fine, but I haven't seen any ban-events triggered yet, which is very unusual, because we could observe break-in attempts permanently on the old server).

    The ISPConfig-log, however, keeps telling me the same thing over and over again:

    /var/log/ispconfig/cron.log:
    How can I make it stop - or maybe even fix it?
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I think you can configure fail2ban to not use iptables.
     
  3. Quasdunk

    Quasdunk New Member

    I think fail2ban should actually be working fine.
    As a workaround, I made the following changes in /etc/fail2ban/action.d/iptables-multiport.conf:

    So basically, everything is commented out and the actionban and actionunban are handled by a PHP-script which queries against the vServer-API. These changes were recommended by my hosting provider.
    After changing it as shown above, fail2ban was able to start again (I was getting a 300 error before). Here's what /var/log/fail2ban.log says:
    So fail2ban seems to be running correctly, BUT: It doesn't seem to care about the filters, because nothing happens (and nothing is logged) even when I try to provoke a ban on purpose. And I suppose it has something to do with ISPConfig endlessly reporting that one error over and over again in /var/log/ispconfig/cron.log:
    But if fail2ban is running, what else could be causing that error?
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    The errors are most likely caused by the ispconfig monitor which checks your server every 5 minutes.

    Search for iptables in the file /usr/local/ispconfig/server/lib/classes/monitor_tools.inc.php
     

Share This Page