Package: fail2ban Version: 0.9.1-1 Severity: important the recidive jail is spewing lines into fail2ban.log like this
2015-05-02 11:30:38,076 fail2ban.action [26155]: ERROR iptables -N f2b-recidive iptables -A f2b-recidive -j RETURN iptables -I INPUT -p all -m multiport --dports all -j f2b-recidive -- stderr: b"iptables v1.4.21: multiport needs `-p tcp', `-p udp', `-p udplite', `-p sctp' or `-p dccp'\nTry `iptables -h' or 'iptables --help' for more information.\n" 2015-05-02 11:30:38,077 fail2ban.action [26155]: ERROR iptables -N f2b-recidive iptables -A f2b-recidive -j RETURN iptables -I INPUT -p all -m multiport --dports all -j f2b-recidive -- returned 2 The reason seems to be this in jail.conf [recidive] logpath = /var/log/fail2ban.log port = all protocol = all ... adding a jail.local entry [recidive] enabled = true banaction = iptables-allports fixes the error, so perhaps this last line should be in jail.conf -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages fail2ban depends on: ii init-system-helpers 1.22 ii lsb-base 4.1+Debian13+nmu1 ii python3 3.4.2-2 pn python3:any <none> Versions of packages fail2ban recommends: ii iptables 1.4.21-2+b1 ii python3-pyinotify 0.9.5-1 ii whois 5.2.7 Versions of packages fail2ban suggests: ii bsd-mailx [mailx] 8.1.2-0.20141216cvs-2 ii mailutils [mailx] 1:2.99.98-2 ii mailx 1:20081101-2 pn python3-systemd <none> ii rsyslog [system-log-daemon] 8.4.2-1 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
