Hi all,

I am trying to get fail2ban going on my server and its log message reports the following error:

2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256
2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH

Is this because of the way the RedHat tool sets up the firewall?

Thanks for any responses.

-- 
"The secret impresses no-one, the trick you use it for is everything" - Alfred Borden (The Prestige)
Devraj Mukherjee wrote:
> Hi all,
>
> I am trying to get fail2ban going on my server and its log message
> reports the following error
>
> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
> fail2ban-SSH' returned 256
> 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
> -j fail2ban-SSH
>
> Is this because of the way the RedHat tool sets up the firewall?
>
> Thanks for any responses.
>

First, have you installed iptables, shorewall, and tcp-wrappers?

Second, have you tried the failed grep expression, i.e., have you tried

iptables -L INPUT | grep -q fail2ban-SSH

As to why this would fail, you need to ask on the fail2ban mailing list, since evidently this appears to be part of the installation. The iptables can be set up by anyone - RedHat simply provides a default set of rules.

-- 
Article. VI. Clause 3 of the constitution of the United States states:
"The Senators and Representatives before mentioned, and the Members of the several State Legislatures, and all executive and judicial Officers, both of the United States and of the several States, shall be bound by Oath or Affirmation, to support this Constitution; but no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States."
On Saturday 28 February 2009 23:45, Devraj Mukherjee wrote:
> Hi all,
>
> I am trying to get fail2ban going on my server and its log message
> reports the following error
>
> 2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
> fail2ban-SSH' returned 256
> 2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
> -j fail2ban-SSH
>
> Is this because of the way the RedHat tool sets up the firewall?
>
> Thanks for any responses.

Redhat in their great wisdom decided to make themselves different, as a way of making its customers dependent on them.

This is simple to fix. Edit the rule set with your favourite editor and do the following:

Remove all the lines with -j RH-Firewall-1-INPUT.
Replace all the lines with RH-Firewall-1-INPUT with INPUT

The original looks something like this:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

The new should look something like this:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Fail2Ban should work now.

-- 
Regards
Robert
Linux User #296285 http://counter.li.org
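The edit Robert describes, carried out programmatically on the iptables-save text so the result can be checked before it is loaded. This is an added example, not code from the thread or from fail2ban; the sample rule set is a constructed shortened copy of the one quoted above, and the function names are my own.

```python
# Constructed sample: a shortened copy of the RedHat-style rule set quoted in the
# thread, in iptables-save format. Not the poster's actual file.
RH_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

CHAIN = "RH-Firewall-1-INPUT"


def uses_custom_chain(rules: str) -> bool:
    """True when INPUT traffic is handed off to the RedHat chain."""
    return f"-A INPUT -j {CHAIN}" in rules.splitlines()


def forward_rules(rules: str) -> list:
    """All rules attached to the FORWARD chain (used to spot what the rewrite drops)."""
    return [ln for ln in rules.splitlines() if ln.startswith("-A FORWARD ")]


def flatten_rh_chain(rules: str) -> str:
    """Inline RH-Firewall-1-INPUT into INPUT, exactly as the reply's two steps say:
    drop every line that jumps to the chain, then rename the chain's rules to INPUT.
    The chain declaration is dropped too, since nothing references it afterwards."""
    out = []
    prefix = f"-A {CHAIN} "
    for line in rules.splitlines():
        if line == f":{CHAIN} - [0:0]":
            continue                       # chain declaration: no longer needed
        if line.endswith(f"-j {CHAIN}"):
            continue                       # "-A INPUT/-A FORWARD -j RH-Firewall-1-INPUT"
        if line.startswith(prefix):
            line = "-A INPUT " + line[len(prefix):]
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(flatten_rh_chain(RH_RULES))
```

Note that the rewrite also removes the FORWARD jump, so on a host that routes packets forwarded traffic now falls through to the `:FORWARD ACCEPT` policy instead of the chain's final REJECT; `forward_rules()` makes that loss visible so an explicit FORWARD rule can be kept where needed.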