Comment added to BZ which was supposed to be "fixed"...

https://bugzilla.redhat.com/show_bug.cgi?id=1533760

For some reason fail2ban is not creating the ipset set... I ran fail2ban
manually with DEBUG log level and I can see where it sets everything up,
says it's OK, but I never see it call ipset to create the set so firewalld
obviously complains about not being able to find it because fail2ban DOES
create the rule (from DEBUG output):

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m
multiport --dports ssh -m set --match-set f2b-sshd src -j REJECT
--reject-with icmp-port-unreachable

Ok, I just tried running:

fail2ban-server -xf --loglevel 5 --logtarget STDOUT | grep ipset

And this time it DID create the ipset...

New theory... fail2ban only creates the set if it has an ip to add to it?

Spent too much time on this today.

Thanks,
Richard
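
Added example, not part of the original message or of fail2ban/firewalld: a POSIX shell check for the symptom described above, a firewalld direct rule whose --match-set names an ipset that does not exist. The function names and the sample data are assumptions constructed for illustration; check_live assumes firewall-cmd and ipset are installed and that it is run as root.

```sh
#!/bin/sh
# Added example: find ipsets that firewalld direct rules reference
# via "--match-set NAME" but that have not been created.

# Read rule text on stdin, print each referenced set name once.
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' | sort -u
}

# missing_sets RULES EXISTING
#   RULES    = direct rules, one per line
#   EXISTING = existing ipset names, one per line
# Prints every referenced set that is absent from EXISTING.
missing_sets() {
    printf '%s\n' "$1" | referenced_sets | while IFS= read -r name; do
        # -x: whole-line match, so f2b-sshd does not match f2b-sshd-ddos
        printf '%s\n' "$2" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Live check against the running system (not called automatically).
# Returns 0 if every referenced set exists, 1 if any is missing, 2 on error.
check_live() {
    rules=$(firewall-cmd --direct --get-all-rules) || return 2
    sets=$(ipset list -n) || return 2
    missing=$(missing_sets "$rules" "$sets")
    if [ -z "$missing" ]; then
        return 0
    fi
    printf 'direct rule references missing ipset: %s\n' $missing >&2
    return 1
}

# Constructed sample data (not captured from a real host). The first rule
# is the one quoted in the message; the second is made up for contrast.
SAMPLE_RULES='ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports smtp -m set --match-set f2b-postfix src -j REJECT --reject-with icmp-port-unreachable'
SAMPLE_SETS='f2b-postfix'

# Demo on the constructed data: reports the set the sshd rule needs.
missing_sets "$SAMPLE_RULES" "$SAMPLE_SETS"
```

On a real host, call check_live after fail2ban has started; a non-zero return means a REJECT rule is in place that can never match because its set is absent.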
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org