Check fail2ban logs, and also, have you tried removing everything fail2ban related from iptables, after fail2ban is
completely shut down?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
-------- Original Message --------
*Subject: * [Fail2ban-users] fail2ban-client Hangs on Exit
*From: * Nick Coons <nick.co...@hyperionworks.com>
*To: * Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: * 2023-6-14 01:03 PM
I'm trying to set up what I'm calling an auto whitelist. Basically, I have multiple users behind a NAT. If there's a
successful authentication from an IP, I want to add that IP to the ignore list so that it can't be banned. This will
prevent a situation where I have 30 users from the same public IP logging into email, and one of them enters their
password incorrectly a couple of times, and then all 30 users are banned.
This is all working well. However, after implementing this, fail2ban now hangs when trying to stop the service.
Systemd eventually times it out and kills the service and all is well, but now it takes 90 seconds (without some sort
of manual intervention) to stop/restart the service.
Here's what I've changed in the config:
/etc/fail2ban/jail.d/asterisk-whitelist.conf
[asterisk-whitelist]
enabled = true
port = 5060,5061,5038
logpath = /var/log/asterisk/full
action = ignoreip[name=asterisk]
maxretry = 1
bantime = 2592000
/etc/fail2ban/actions.d/ignoreip.conf
[Definition]
actionstart =
actionstop =
actionban = fail2ban-client set <name> addignoreip <ip>
actionunban = fail2ban-client set <name> delignoreip <ip>
[Init]
name = default
chain = INPUT
/etc/fail2ban/filter.d/asterisk-whitelist.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = asterisk
__pid_re = (?:\s*\[\d+\])
iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
log_prefix= (?:NOTICE|SECURITY|WARNING|VERBOSE)%(__pid_re)s:?(?:\[C-[\da-f]*\])? [^:]+:\d*(?:(?: in)? \w+:)?
prefregex = ^%(__prefix_line)s%(log_prefix)s <F-CONTENT>.+</F-CONTENT>$
failregex = ^.*Contact .*\/sip[s]?:.*@<HOST>.* is now Reachable.*
ignoreregex =
This all functions the way I want it to, except...
When I attempt to stop or restart the service, what I see is the fail2ban-client process trying to remove
previously-ignored IPs during the shutdown process, but it's hung. If I kill this process, then the service stops. Or,
if I leave it be, then systemd will time it out in 90 seconds. My guess is that the server service has stopped, so
fail2ban-client has nothing with which to communicate.
Any thoughts on how to resolve this?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
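A way to check what the asterisk-whitelist filter quoted above actually captures, as an added example rather than code from the post or from fail2ban: it reproduces fail2ban's two-stage prefregex/failregex matching on a few constructed /var/log/asterisk/full lines. Assumptions: the timestamp is stripped before matching (as fail2ban does), __prefix_line from common.conf is reduced to optional whitespace, and <HOST> is expanded to fail2ban's classic host group without the IPv6-mapped prefix.

```python
import re

# Filter values copied from the asterisk-whitelist.conf in the post; fail2ban's
# %(name)s interpolation is reproduced with Python's dict formatting.
PID_RE = r"(?:\s*\[\d+\])"
LOG_PREFIX = (r" (?:NOTICE|SECURITY|WARNING|VERBOSE)%(__pid_re)s:?(?:\[C-[\da-f]*\])?"
              r" [^:]+:\d*(?:(?: in)? \w+:)?") % {"__pid_re": PID_RE}
PREFREGEX = r"^%(__prefix_line)s%(log_prefix)s <F-CONTENT>.+</F-CONTENT>$"
FAILREGEX = r"^.*Contact .*\/sip[s]?:.*@<HOST>.* is now Reachable.*"

# Assumptions (not from the post): the "[YYYY-MM-DD HH:MM:SS]" stamp is removed
# before matching, __prefix_line is just optional whitespace, and <HOST> is the
# classic fail2ban host group without the IPv6-mapped prefix.
TIMESTAMP = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\]")
PREFIX_LINE = r"\s*"
HOST = r"(?P<host>[\w\-.^_]*\w)"

PREF = re.compile(
    (PREFREGEX % {"__prefix_line": PREFIX_LINE, "log_prefix": LOG_PREFIX})
    .replace("<F-CONTENT>", "(?P<content>").replace("</F-CONTENT>", ")")
)
FAIL = re.compile(FAILREGEX.replace("<HOST>", HOST))


def whitelist_host(line):
    """Host the filter would hand to the ignoreip action for one log line, else None.

    Stage 1: prefregex isolates the message body. Stage 2: failregex runs on
    that body only, exactly as fail2ban does with a prefregex in place.
    """
    m = PREF.match(TIMESTAMP.sub("", line, count=1))
    if not m:
        return None
    f = FAIL.match(m.group("content"))
    return f.group("host") if f else None


# Constructed sample lines in the format of /var/log/asterisk/full (PJSIP
# OPTIONS qualify results, a chan_sip peer line and a failed REGISTER).
SAMPLE = [
    "[2023-06-14 13:03:01] VERBOSE[1234] res_pjsip/pjsip_options.c: Contact 100/sip:100@203.0.113.10:5060 is now Reachable.  RTT: 12.345 msec",
    "[2023-06-14 13:05:01] VERBOSE[1234] res_pjsip/pjsip_options.c: Contact 100/sip:100@203.0.113.10:5060 is now Unreachable.  RTT: 0.000 msec",
    "[2023-06-14 13:06:01] NOTICE[1234] chan_sip.c: Peer '101' is now Reachable. (12ms / 2000ms)",
    "[2023-06-14 13:07:01] NOTICE[1234] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\"100\" <sip:100@198.51.100.20>' failed for '198.51.100.20:5060' (callid: x) - No matching endpoint found",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(whitelist_host(line), "<-", line[22:70])
```

Only the PJSIP "Contact ... is now Reachable" form yields a host; the chan_sip peer line and the failed REGISTER do not, so a registration failure from a new source never lands on the ignore list through this filter.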