Hello,

I have a big problem with fail2ban and firewalld on my new system.

I have a server running (CentOS 7.1) and ran an update to 7.2; on this system all is working ?

BUT I installed a new system with CentOS 7 1511, and on this system fail2ban doesn't work anymore. I have this error, or more, in the firewalld

2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables v1.4.21: Set fail2ban-sshd doesn't exist.

Try `iptables -h' or 'iptables --help' for more information.

Is something missing or not installed on 7.2?

I installed fail2ban from the epel repo.

Thanks for an answer,
-- 
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer
In article <1612557.81lQ3GSSy2 at techz>,
Günther J. Niederwimmer <gjn at gjn.priv.at> wrote:
> Hello,
>
> I have a big problem with fail2ban and firewalld on my new system.
>
> I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
> all is working ?
>
> BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't
> work anymore. I have this error or more, in the firewalld
>
> 2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I
> INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-
> sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables
> v1.4.21: Set fail2ban-sshd doesn't exist.
>
> Try `iptables -h' or 'iptables --help' for more information.
>
> Is on 7.2 some missing or not installed
>
> I installed fail2ban from the epel repo.
> Thanks for a answer,

Do you have the ipset RPM installed? rpm -q ipset

Cheers
Tony
-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
Günther J. Niederwimmer
2015-Dec-19 10:12 UTC
[CentOS] fail2ban problem new installation CentOS 1511
Hello,

On Saturday 19 December 2015, 09:37:14, Tony Mountifield wrote:
> In article <1612557.81lQ3GSSy2 at techz>,
>
> Günther J. Niederwimmer <gjn at gjn.priv.at> wrote:
> > Hello,
> >
> > I have a big problem with fail2ban and firewalld on my new system.
> >
> > I have a server running (CentOS 7.1) and run a Update to 7.2 on this
> > system
> > all is working ?
> >
> > BUT I install a new system with CentOS 7 1511 on this systems fail2ban
> > don't work anymore. I have this error or more, in the firewalld
> >
> > 2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter
> > -I
> > INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set
> > fail2ban- sshd src -j REJECT --reject-with icmp-port-unreachable' failed:
> > iptables v1.4.21: Set fail2ban-sshd doesn't exist.
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> >
> > Is on 7.2 some missing or not installed
> >
> > I installed fail2ban from the epel repo.
> > Thanks for a answer,
>
> Do you have the ipset RPM installed? rpm -q ipset

Yes, this is installed :-(, I looked at it before I wrote ;-).

> Cheers
> Tony

-- 
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer
On Sat, 19 Dec 2015, Günther J. Niederwimmer wrote:
> Hello,
>
> I have a big problem with fail2ban and firewalld on my new system.
>
> I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
> all is working ?
>
> BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't
> work anymore. I have this error or more, in the firewalld
>
> 2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I
> INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-
> sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables
> v1.4.21: Set fail2ban-sshd doesn't exist.

Things to check:

 * the output of "ipset -l -n" to see if you have any ip sets defined
 * that the fail2ban-firewalld rpm is installed
 * that firewalld.service and fail2ban.service are both enabled and running

-- 
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
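
The checks listed in the reply above, as a small shell script. This is an added example, not part of the thread; the function names and the default log path /var/log/firewalld are assumptions. It also compares the set names that firewalld logged as missing against what "ipset -l -n" reports now.

```bash
#!/bin/bash
# Added example, not from the thread. Log path and function names are assumptions.

# Error line as quoted in the thread (re-joined onto one line).
SAMPLE_LOG="2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables v1.4.21: Set fail2ban-sshd doesn't exist."

# Read firewalld log text on stdin; print each ipset name iptables reported missing.
missing_sets_from_log() {
    sed -n "s/.*COMMAND_FAILED.*: Set \([^ ]*\) doesn't exist.*/\1/p" | sort -u
}

# $1: set names to look for, $2: output of "ipset -l -n". Print names not defined.
sets_not_defined() {
    local wanted defined name
    wanted=$1; defined=$2
    for name in $wanted; do
        printf '%s\n' "$defined" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# The three checks from the list, run against the live system (ipset needs root).
run_checks() {
    local log rc pkg svc missing
    log=$1; rc=0
    for pkg in ipset fail2ban-firewalld; do
        rpm -q "$pkg" >/dev/null 2>&1 || { echo "rpm not installed: $pkg"; rc=1; }
    done
    for svc in firewalld fail2ban; do
        systemctl is-enabled --quiet "$svc" || { echo "not enabled: $svc"; rc=1; }
        systemctl is-active --quiet "$svc" || { echo "not running: $svc"; rc=1; }
    done
    # Old log entries may name sets that exist by now, so compare with the current list.
    missing=$(sets_not_defined "$(missing_sets_from_log < "$log")" "$(ipset -l -n)")
    [ -z "$missing" ] || { echo "referenced in $log but not defined: $missing"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    run_checks "${2:-/var/log/firewalld}"
else
    # Offline demo on the sample line from the thread.
    printf '%s\n' "$SAMPLE_LOG" | missing_sets_from_log
fi
```

Run it with --live (optionally followed by a log path) on the affected host; without arguments it only parses the sample line.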