[BUG] iptables-common.conf not in fail2ban v1.1.0
davemidd opened this issue
Describe the bug
fail2ban v1.1.0 doesn't have iptables-common.conf. Instead, iptables.conf should be used.
To Reproduce
Install fail2ban add-on as per instructions.
Restart fail2ban.
fail2ban log shows:
2024-06-19 16:03:26,358 fail2ban.jail [5122]: INFO Jail 'nginxrepeatoffender' started
2024-06-19 16:03:26,368 fail2ban.utils [5122]: ERROR 7ddbcddcf550 -- exec: <iptables> -N f2b-nginxrepeatoffender
<iptables> -A f2b-nginxrepeatoffender -j <returntype>
<iptables> -I <known/chain> -p tcp -j f2b-nginxrepeatoffender
sort -u /etc/fail2ban/nginx.repeatoffender -o /etc/fail2ban/nginx.repeatoffender
cat /etc/fail2ban/nginx.repeatoffender | while read IP; do iptables -I f2b-nginxrepeatoffender 1 -s $IP -j DROP; done
2024-06-19 16:03:26,369 fail2ban.utils [5122]: ERROR 7ddbcddcf550 -- stderr: '/bin/sh: 1: cannot open iptables: No such file'
2024-06-19 16:03:26,369 fail2ban.utils [5122]: ERROR 7ddbcddcf550 -- stderr: '/bin/sh: 3: Syntax error: newline unexpected'
2024-06-19 16:03:26,370 fail2ban.utils [5122]: ERROR 7ddbcddcf550 -- returned 2
2024-06-19 16:03:26,370 fail2ban.actions [5122]: ERROR Failed to start jail 'nginxrepeatoffender' action 'nginxrepeatoffender': Error starting action Jail('nginxrepeatoffender')/nginxrepeatoffender: 'Script error'
Expected behavior
fail2ban should start without errors
Server (please complete the following information):
- Operating System: Ubuntu
- Specify Exact Version of OS: Linux aws-voxivo-redirect 6.8.0-1009-aws #9-Ubuntu SMP Fri May 17 14:39:23 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
- Nginx Version [post output of sudo nginx -v]: nginx version: nginx/1.24.0 (Ubuntu)
Additional information
Fixed by changing [INCLUDES] for action.d/nginxrepeatoffender.conf to 'before = iptables.conf' (instead of iptables-common.conf)
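A check that can be run before restarting fail2ban, as an added example that is not part of the original issue or of the project's code: it lists every `before`/`after` entry under `[INCLUDES]` whose file is absent from the action directory, which is the condition that left `<iptables>` unresolved in the log above. The function name `missing_includes` and the sample files are constructed for illustration; on a real host the argument would be the fail2ban `action.d` directory.

```shell
#!/bin/sh
# Added example: report [INCLUDES] before/after targets that do not exist.
# missing_includes is a hypothetical helper name, not a fail2ban command.

missing_includes() {
    dir=$1
    for f in "$dir"/*.conf "$dir"/*.local; do
        [ -f "$f" ] || continue
        # Emit the values of before=/after= lines found inside [INCLUDES] only.
        awk '
            /^[ \t]*\[/ { in_inc = ($0 ~ /^[ \t]*\[INCLUDES\]/); next }
            in_inc && /^[ \t]*(before|after)[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, "")
                print
            }
        ' "$f" | tr -s ' \t' '\n\n' | while read -r inc; do
            [ -n "$inc" ] || continue
            # Relative names are resolved against the including file's directory.
            case $inc in
                /*) target=$inc ;;
                *)  target=$dir/$inc ;;
            esac
            [ -e "$target" ] || printf '%s: %s\n' "${f##*/}" "$inc"
        done
    done
}

# Constructed sample directory mirroring the situation in this issue:
# iptables.conf is present, iptables-common.conf is not.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/iptables.conf"
printf '[INCLUDES]\nbefore = iptables-common.conf\n' \
    > "$demo_dir/nginxrepeatoffender.conf"

missing_includes "$demo_dir"
```

An empty result means every include named in the directory resolves to a file.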