Score:0

fail2ban iptables returned 200, iptables 0 references

vn flag

I installed fail2ban but on start I got multiple error messages:

iptables -n -L gives me 0 references for each jail. (should be 1?)

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-apache-auth (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-apache-badbots (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-apache-nokiddies (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-php-url-fopen (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Also I m getting error messages like:

fail2ban.actions.action: ERROR  iptables -N fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
iptables -I <known/chain> -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200
2022-04-30 14:25:10,428 fail2ban.jail   : INFO   Jail 'skinlou_x' started
2022-04-30 14:25:10,429 fail2ban.jail   : INFO   Jail 'apache-auth' started
2022-04-30 14:25:10,430 fail2ban.actions.action: ERROR  iptables -N fail2ban-php-url-fopen
iptables -A fail2ban-php-url-fopen -j RETURN

I tried to reinstall fail2ban but it is always same. Thank you for help.

Score:0
il flag

iptables -I <known/chain> -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200

Normally <known/chain> would be replaced by INPUT or something similar.

Which banning action is configured there? Is it some custom action (or is there some /etc/fail2ban/action.d/*.local file overwriting some setting)?

Otherwise it looks like versions conflict to me. Are you trying to use some new config files with older fail2ban version? Anyway to do full reinstall, save your configuration /etc/fail2ban, uninstall fail2ban, remove /etc/fail2ban, install fail2ban and try to restore your local jail configuration in /etc/fail2ban/jail.local from your backup.

Also note https://github.com/fail2ban/fail2ban/wiki/How-to-install-or-upgrade-fail2ban-manually

By the way, I wonder why your iptables chains are called fail2ban-* whether fail2ban, already since some v.0.9 version, uses f2b-* names for the chains.
Which fail2ban version is it?

vn flag
hi, thank you it was probably a version conflict. I removed all files and uninstalled fail2ban and then manually installed newer version. The older one was 0.8
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.