Fix Fail2ban Error with Firewalld: No Such File or Directory

Tags: centos7, fail2ban, firewalld, iptables

I have been using fail2ban for months without any issues but after a CentOS upgrade it stopped working. It seems it doesn't create the iptables entries. I have already tried restarting fail2ban, restarting the VPS, and all the basic stuff. The relevant errors are:

In /var/log/fail2ban.log:

2020-01-12 12:15:52,994 fail2ban.actions        [496]: NOTICE  [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils          [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions        [496]: ERROR   Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports

In /var/log/firewalld:

2020-01-12 12:15:53 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed

2020-01-12 12:15:53 ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed

2020-01-12 12:15:54 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory

iptables -L output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Contents of /etc/systemd/system/multi-user.target.wants/fail2ban.service:

[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=iptables.service firewalld.service

[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target

Here's the full /var/log/fail2ban.log until the error occurs:

2020-01-12 12:15:51,018 fail2ban.server         [496]: INFO    Starting Fail2ban v0.10.4
2020-01-12 12:15:51,037 fail2ban.database       [496]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-01-12 12:15:51,183 fail2ban.jail           [496]: INFO    Creating new jail 'sshd'
2020-01-12 12:15:51,834 fail2ban.jail           [496]: INFO    Jail 'sshd' uses systemd {}
2020-01-12 12:15:51,836 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,837 fail2ban.filter         [496]: INFO      maxLines: 1
2020-01-12 12:15:51,878 fail2ban.filtersystemd  [496]: INFO    [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2020-01-12 12:15:51,879 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,879 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,880 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,880 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,882 fail2ban.jail           [496]: INFO    Creating new jail 'webmin-auth'
2020-01-12 12:15:51,882 fail2ban.jail           [496]: INFO    Jail 'webmin-auth' uses systemd {}
2020-01-12 12:15:51,883 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,890 fail2ban.actions        [496]: INFO      banTime: 600
2020-01-12 12:15:51,891 fail2ban.jail           [496]: INFO    Creating new jail 'proftpd'
2020-01-12 12:15:51,891 fail2ban.jail           [496]: INFO    Jail 'proftpd' uses systemd {}
2020-01-12 12:15:51,893 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,898 fail2ban.filtersystemd  [496]: INFO    [proftpd] Added journal match for: '_SYSTEMD_UNIT=proftpd.service'
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,900 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,901 fail2ban.jail           [496]: INFO    Creating new jail 'postfix'
2020-01-12 12:15:51,901 fail2ban.jail           [496]: INFO    Jail 'postfix' uses systemd {}
2020-01-12 12:15:51,902 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,913 fail2ban.filtersystemd  [496]: INFO    [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,915 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,916 fail2ban.jail           [496]: INFO    Creating new jail 'dovecot'
2020-01-12 12:15:51,916 fail2ban.jail           [496]: INFO    Jail 'dovecot' uses systemd {}
2020-01-12 12:15:51,917 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,926 fail2ban.filtersystemd  [496]: INFO    [dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2020-01-12 12:15:51,926 fail2ban.datedetector   [496]: INFO      date pattern `''`: `{^LN-BEG}TAI64N`
2020-01-12 12:15:51,927 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,927 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,928 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,928 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,929 fail2ban.jail           [496]: INFO    Creating new jail 'postfix-reject-dynamo'
2020-01-12 12:15:52,032 fail2ban.jail           [496]: INFO    Jail 'postfix-reject-dynamo' uses poller {}
2020-01-12 12:15:52,033 fail2ban.jail           [496]: INFO    Initiated 'polling' backend
2020-01-12 12:15:52,118 fail2ban.filter         [496]: INFO    Added logfile: '/var/log/maillog' (pos = 17320260, hash = 48479d10b4c7d022471955ff13511a8c)
2020-01-12 12:15:52,119 fail2ban.filter         [496]: INFO      maxRetry: 3
2020-01-12 12:15:52,119 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:52,120 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:52,120 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:52,222 fail2ban.jail           [496]: INFO    Jail 'sshd' started
2020-01-12 12:15:52,260 fail2ban.filtersystemd  [496]: NOTICE  Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2020-01-12 12:15:52,269 fail2ban.jail           [496]: INFO    Jail 'webmin-auth' started
2020-01-12 12:15:52,401 fail2ban.jail           [496]: INFO    Jail 'proftpd' started
2020-01-12 12:15:52,659 fail2ban.jail           [496]: INFO    Jail 'postfix' started
2020-01-12 12:15:52,787 fail2ban.jail           [496]: INFO    Jail 'dovecot' started
2020-01-12 12:15:52,800 fail2ban.jail           [496]: INFO    Jail 'postfix-reject-dynamo' started
2020-01-12 12:15:52,994 fail2ban.actions        [496]: NOTICE  [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils          [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions        [496]: ERROR   Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports

CentOS Linux release 7.7.1908 (Core)

I have no clue what is happening here.

I appreciate your help.

Best Answer

fail2ban error with firewalld ...

Well, this is not a fail2ban error.

Basically fail2ban tries to run the following commands (you can try this yourself in a shell as root):

firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo

For some reason firewall-cmd, or rather iptables-restore, which seems to be used internally by firewall-cmd, fails with:

Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory

Normally this message does not make sense, because firewall-cmd is creating this chain, and this error looks like it would create some rule targeting chain f2b-postfix-reject-dynamo which still doesn't exist for some reason. You should check whether there are some persistent rules targeting this (non-existent) chain and repair (or remove) them.

For example, you'd see the same error if you try to execute this without the first command:

# ## iptables -w -N f2b-test-chain; # this creates a chain
# iptables -w -I INPUT 1 -j f2b-test-chain; # insert rule to INPUT chain targeting f2b-test-chain
...
iptables v1.6.0: Couldn't load target `f2b-test-chain':No such file or directory

which is a pretty clear error (the first command, the one creating the chain, is commented out).

So some internal stream that firewalld is trying to restore using iptables-restore seems to be wrong (it contains invalid references).

BTW, why don't you use iptables directly instead of firewalld?
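The answer's advice is to look for persistent rules that jump to a chain which was never declared, because that is exactly what produces "Couldn't load target ... No such file or directory" from iptables-restore. The following script is an added example written for this page; it is not code from the question, the answer, fail2ban or firewalld. It scans a dump in iptables-save format for "-j" / "-g" targets that are neither built-in targets nor chains declared with a ":CHAIN" line in the same table. The sample dump embedded below is constructed to reproduce the shape of the asker's failure (INPUT_direct jumping to f2b-postfix-reject-dynamo without that chain being declared); the chain names come from the question, the rule set itself is invented.

```shell
#!/bin/sh
# Added example for this page (not from fail2ban, firewalld or the asker).
# Reports rules whose jump target is a chain the dump never declares, which is
# the "Couldn't load target ... No such file or directory" situation above.

# Built-in targets never appear as ":CHAIN" declarations in a dump, so they
# must be whitelisted rather than looked up. (Assumed list; extend as needed.)
BUILTIN_TARGETS='ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT MARK CT'

# find_dangling_jumps FILE
# Prints "TABLE CHAIN" for every chain referenced by -j/-g but not declared in
# that table. Returns 1 if at least one dangling reference was found, else 0.
find_dangling_jumps() {
    awk -v builtin="$BUILTIN_TARGETS" '
        BEGIN {
            n = split(builtin, b, " ")
            for (i = 1; i <= n; i++) isbuiltin[b[i]] = 1
        }
        /^\*/ { table = substr($0, 2); next }              # "*filter" opens a table
        /^:/  { sub(/^:/, "", $1); declared[table, $1] = 1; next }  # ":INPUT ACCEPT [0:0]"
        /^-A/ {
            for (i = 1; i < NF; i++)
                if ($i == "-j" || $i == "-g") ref[table, $(i + 1)] = 1
            next
        }
        END {
            bad = 0
            for (k in ref) {
                split(k, parts, SUBSEP)
                t = parts[1]; c = parts[2]
                if (!(c in isbuiltin) && !((t, c) in declared)) {
                    print t, c
                    bad = 1
                }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: mirrors the asker's symptom. INPUT_direct jumps to
# f2b-postfix-reject-dynamo, but no ":f2b-postfix-reject-dynamo" line exists.
SAMPLE_BAD=$(mktemp)
cat > "$SAMPLE_BAD" <<'EOF'
# constructed iptables-save style dump (not captured from a real host)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A INPUT_direct -j f2b-postfix-reject-dynamo
-A INPUT_direct -p tcp --dport 22 -j ACCEPT
COMMIT
EOF

# Constructed sample of the healthy state: the same rules with the chain declared.
SAMPLE_GOOD=$(mktemp)
cat > "$SAMPLE_GOOD" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:INPUT_direct - [0:0]
:f2b-postfix-reject-dynamo - [0:0]
-A INPUT -j INPUT_direct
-A INPUT_direct -j f2b-postfix-reject-dynamo
-A f2b-postfix-reject-dynamo -j RETURN
COMMIT
EOF

# Stand-alone demonstration over both constructed dumps.
for f in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    if find_dangling_jumps "$f"; then
        echo "$f: every jump target is declared"
    else
        echo "$f: the chains listed above are referenced but never declared"
    fi
done
```

On a live CentOS 7 host the input would be `iptables-save > /tmp/rules.dump` (or the permanent direct rules firewalld keeps in /etc/firewalld/direct.xml, listed with `firewall-cmd --permanent --direct --get-all-rules`), and the script then points at the rule that has to be removed or whose chain has to be re-created before restarting fail2ban. The table scoping matters: a chain declared in the nat table does not satisfy a jump in the filter table, which is why the awk keys on (table, chain) rather than on the chain name alone.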
