Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fail2ban script output incorrect #1677

Closed
casperklein opened this issue Nov 4, 2020 · 2 comments · Fixed by #1679
Closed

fail2ban script output incorrect #1677

casperklein opened this issue Nov 4, 2020 · 2 comments · Fixed by #1679
Assignees
@georglauterbach

Comments

@casperklein
Copy link
Member

Context

I noticed today, that the output from the fail2ban script is a bit weired:

root@mail:/# fail2ban
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Banned in postfix-sasl:
Banned in postfix-sasl:
Banned in postfix-sasl: 58.57.4.238
Banned in postfix-sasl:
iptables: No chain/target/match by that name.
Banned in sshd:
Banned in sshd:
Banned in sshd: 58.57.4.238
Banned in sshd:

My iptables at the time:

root@mail:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-postfix-sasl  tcp  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination
DROP       all  --  58.57.4.238          0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

As you can see, only one IP is blocked in the f2b-postfix-sasl chain.
However the script reports a lot of empty lines "Banned in " + also falsely reports the IP banned in the sshd chain.

I copied over the version before the refactoring #1654, which outputs correctly:

root@mail:/# bash fail2ban.old
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Banned in postfix-sasl: 58.57.4.238
iptables: No chain/target/match by that name.

What is affected by this bug?

/usr/local/bin/fail2ban

When does this occur?

always

Actual Behavior

Incorrect output

Expected behavior (i.e. solution)

Same output as before the refactoring.

Solution

None yet. I will take a closer look by the end of the week. @aendeavor do you have an idea what could be the cause?
@casperklein casperklein changed the title fail2ban script broken fail2ban script output incorrect Nov 4, 2020
@georglauterbach georglauterbach self-assigned this Nov 4, 2020
@georglauterbach
Copy link
Member

georglauterbach commented Nov 4, 2020
edited

Probably due to sloppy work on my side. I will look at this too when I have time. Thanks @casperklein for noticing!

@georglauterbach
Copy link
Member

georglauterbach commented Nov 5, 2020
edited

I'm working on it and may have a fix this evening noon. Prepare for review:D

@georglauterbach georglauterbach mentioned this issue Nov 5, 2020
Merged
georglauterbach added a commit that referenced this issue Nov 5, 2020
@georglauterbach
Merge pull request #1679 from aendeavor/fix-f2b-#1677
59c18ed 
F2B script unusable - fixes #1677
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@georglauterbach georglauterbach

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

F2B script unusable - fixes #1677
2 participants
@casperklein @georglauterbach