Replies: 3 comments 6 replies
-
I don't understand your output (excerpt?)... Anyway that One thing I can imagine is missing or disabled parameter Check whether the dump ( If it is not a misconfiguration - a good "workaround" may be the switch to another action, e. g. |
Beta Was this translation helpful? Give feedback.
-
Sorry, I did search for Chain already exists and it is not in any of my logs. My kernel does support I'll keep an eye on the tables and let you know if the errant |
Beta Was this translation helpful? Give feedback.
-
Hi @sebres I caught another IP 157.97.120.50 that got around the failtoban ip tables even after a restart of the fail2ban service. 157.97.120.50.already.banned.iptable.txt |
Beta Was this translation helpful? Give feedback.
-
I am running ubuntu 20.04.5 and occasionally I see an IP already banned log message. When I see this, I print the iptable ( iptables -nL ) and I invariably see this line in the table:
RETURN all -- 0.0.0.0/0 0.0.0.0/0
I don't know if this artifact gets into the table because of a bug in fail2ban or a clever hacker exploit.
Regardless, the RETURN all goes away after a fail2ban service restart.
I am contemplating a cron job to restart fail2ban every few hours or at least once a day.
Anyone have any thoughts?
Beta Was this translation helpful? Give feedback.
All reactions