Hello List, thanks in advance for any help you can provide.

I hope you can help me with this.

Fresh CentOS 8 installed with fail2ban + firewalld/system

Everything installed from rpm

I have installed and configured 2 jails, sshd and postfix-sasl. Firewalld is
running and getting the list of banned IPs from fail2ban

ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports 1:65535 -m set
--match-set f2b-postfix-sasl src -j REJECT --reject-with
icmp-port-unreachable

ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set
--match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable

Both jails are detecting and banning IPs, as you can see in the output: 64
and 787 IPs banned respectively

Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 15
|  |- Total failed:     2979
|  `- Journal matches:  _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned: 64
   |- Total banned:     64
   `- Banned IP list:   46.38.150.37 185.143.73.134 185.143.73.203 46.38.145.253 46.38.145.252 ... [output cut]

[root@vps01 ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 68
|  |- Total failed:     787
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 359
   |- Total banned:     380
   `- Banned IP list:   128.199.142.0 119.29.56.139 210.126.5.91 190.143.39.211 107.159.22.18 181.166.87.8 85.172.11.101 ..[output cut]

However, the problem is that firewalld, after a couple of minutes, loses the
list of IPs from fail2ban and it stops blocking, and actually no longer blocks
any new IP added to the jail

As you can see here from command output postfix-sasl has 0 entries, If I

[root@vps01 ~]# ipset list
Name: f2b-postfix-sasl
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Size in memory: 6168
References: 1
Number of entries: 0
Members:

Name: f2b-sshd
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 172800
Size in memory: 29688
References: 1
Number of entries: 362
Members:
188.166.164.10 timeout 161635
41.111.135.199 timeout 161638
.. [output cut]
62.94.206.57 timeout 161639
49.232.162.53 timeout 172712

If fail2ban is restarted, postfix-sasl gets its members and effectively
blocks connections, but after a couple of minutes it goes back to 0 entries
and stops protecting.

[root@vps01 ~]# ipset list|grep -v timeout
Name: f2b-sshd
Type: hash:ip
Revision: 4
Size in memory: 29208
References: 1
Number of entries: 361
Members:

Name: f2b-postfix-sasl
Type: hash:ip
Revision: 4
Size in memory: 6264
References: 1
Number of entries: 64
Members:

-- running versions -
cyrus-sasl-2.1.26-23.el7.x86_64
cyrus-sasl-gssapi-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64
cyrus-sasl-plain-2.1.26-23.el7.x86_64
fail2ban-0.10.5-2.el7.noarch
fail2ban-firewalld-0.10.5-2.el7.noarch
fail2ban-sendmail-0.10.5-2.el7.noarch
fail2ban-server-0.10.5-2.el7.noarch
fail2ban-systemd-0.10.5-2.el7.noarch
postfix-2.10.1-9.el7.x86_64

--

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
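
Added example, not part of the original post: a Python check for the mismatch described in the message above, comparing "Currently banned" from `fail2ban-client status <jail>` with "Number of entries" in the matching f2b-<jail> set from `ipset list`. The sample text is constructed, and the slack of 5 (to absorb bans that land between the two commands) is an assumption.

```python
import re
import subprocess
import sys

# Constructed, trimmed samples shaped like the listings in the post.
SAMPLE_STATUS = "Status for the jail: postfix-sasl\n   |- Currently banned: 64\n"
SAMPLE_IPSET = """Name: f2b-postfix-sasl
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Number of entries: 0
Members:
"""

def run(*cmd):
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def parse_status(text):
    """(jail, currently_banned) from `fail2ban-client status <jail>`."""
    jail = re.search(r"Status for the jail:\s*(\S+)", text).group(1)
    return jail, int(re.search(r"Currently banned:\s*(\d+)", text).group(1))

def parse_ipset(text):
    """{set: {"entries": n, "timeout": secs or None}} from `ipset list`."""
    sets, cur = {}, None
    for line in text.splitlines():
        if line.startswith("Name:"):
            cur = sets[line.split(":", 1)[1].strip()] = {"entries": 0, "timeout": None}
        elif cur is not None and line.startswith("Header:"):
            m = re.search(r"\btimeout (\d+)", line)  # set-wide default, not a member line
            cur["timeout"] = int(m.group(1)) if m else None
        elif cur is not None and line.startswith("Number of entries:"):
            cur["entries"] = int(line.split(":", 1)[1])
    return sets

def drift(status_text, ipset_text, slack=5):
    """None if the ban count matches the f2b-<jail> set, else a finding."""
    jail, banned = parse_status(status_text)
    info = parse_ipset(ipset_text).get("f2b-" + jail)
    if info is None:
        return f"{jail}: set f2b-{jail} missing, {banned} bans not enforced"
    if abs(banned - info["entries"]) > slack:
        return (f"{jail}: fail2ban has {banned} banned, set holds "
                f"{info['entries']} (set timeout {info['timeout']}s)")
    return None

if __name__ == "__main__":
    jails = sys.argv[1:]  # no arguments: evaluate the constructed samples
    ipset_out = run("ipset", "list") if jails else SAMPLE_IPSET
    for st in [run("fail2ban-client", "status", j) for j in jails] or [SAMPLE_STATUS]:
        print(drift(st, ipset_out) or "in sync")
```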
