'[Fail2ban-users] Fail2Ban on CentOS7 issues - not banning'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fail2ban-users
Subject:    [Fail2ban-users] Fail2Ban on CentOS7 issues - not banning
From:       Ivan Demkovitch <idemkovitch () yahoo ! com>
Date:       2015-04-27 19:07:56
Message-ID: 1920213053.2655837.1430161676507.JavaMail.yahoo () mail ! yahoo ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello list,  I installed Fail2Ban - yum install fail2ban, gave me v0.9.1This is \
Asterisk system, all I need is to block password attempts for asterisk.I'm NEW to \
Linux, so I'm just looking forward, i.e. CentOS7, systemd, firewalld...  The only \
thing I did is configured jail.local like so: [DEFAULT]
banaction = firewallcmd-ipset
destemail = ivan@sss.com
backend = polling ;This option FIXED issue with CRITICAL crash on startup and \
fail2ban.log started to look as it should be  [asterisk] enabled = true
logpath   = /var/log/asterisk/messages
maxretry = 5
bantime = 86400  Main issue. Log looks correct but even from log you can tell it's \
not banning. Something going on with firewalld. No errors, but it's not taking those \
rules?Basically, looks like part of fail2ban which detects and takes on action works \
correctly, but actual "ban" part not working without any error?  2015-04-27 \
13:56:13,241 fail2ban.actions               [2944]: NOTICE   [asterisk] 212.129.1.26 \
already banned 2015-04-27 13:56:57,514 fail2ban.filter                 [2944]: INFO   \
[asterisk] Found 212.129.1.26 2015-04-27 13:57:10,552 fail2ban.filter                 \
[2944]: INFO       [asterisk] Found 212.129.1.26 2015-04-27 13:57:30,600 \
fail2ban.filter                 [2944]: INFO       [asterisk] Found 212.129.1.26 \
2015-04-27 13:58:45,766 fail2ban.filter                 [2944]: INFO       [asterisk] \
Found 212.129.1.26 2015-04-27 13:59:17,840 fail2ban.filter                 [2944]: \
INFO       [asterisk] Found 212.129.1.26 2015-04-27 13:59:18,672 fail2ban.actions     \
[2944]: NOTICE   [asterisk] 212.129.1.26 already banned 2015-04-27 13:59:49,926 \
fail2ban.filter                 [2944]: INFO       [asterisk] Found 212.129.1.26 \
2015-04-27 14:00:24,002 fail2ban.filter                 [2944]: INFO       [asterisk] \
Found 212.129.1.26  If I restart service - service fail2ban restart - here is what I \
get, everything looks great, and I even get email (issue with sender was solved in \
other email)2015-04-27 14:02:10,982 fail2ban.server                 [2944]: INFO      \
Stopping all jails 2015-04-27 14:02:11,079 fail2ban.actions               [2944]: \
NOTICE   [asterisk] Unban 212.129.1.26 2015-04-27 14:02:11,291 fail2ban.actions       \
[2944]: NOTICE   [asterisk] Unban 212.83.187.182 2015-04-27 14:02:12,228 \
fail2ban.jail                     [2944]: INFO       Jail 'asterisk' stopped \
2015-04-27 14:02:12,239 fail2ban.server                 [2944]: INFO       Exiting \
Fail2ban 2015-04-27 14:02:12,477 fail2ban.server                 [5140]: INFO       \
Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1 2015-04-27 \
14:02:12,478 fail2ban.database             [5140]: INFO       Connected to fail2ban \
persistent database '/var/lib/fail2ban/fail2ban.sqlite3' 2015-04-27 14:02:12,485 \
fail2ban.jail                     [5140]: INFO       Creating new jail 'asterisk' \
2015-04-27 14:02:12,485 fail2ban.jail                     [5140]: INFO       Jail \
'asterisk' uses poller 2015-04-27 14:02:12,511 fail2ban.filter                 \
[5140]: INFO       Set jail log file encoding to UTF-8 2015-04-27 14:02:12,512 \
fail2ban.jail                     [5140]: INFO       Initiated 'polling' backend \
2015-04-27 14:02:12,521 fail2ban.filter                 [5140]: INFO       Added \
logfile = /var/log/asterisk/messages 2015-04-27 14:02:12,522 fail2ban.filter          \
[5140]: INFO       Set maxRetry = 5 2015-04-27 14:02:12,523 fail2ban.filter           \
[5140]: INFO       Set jail log file encoding to UTF-8 2015-04-27 14:02:12,524 \
fail2ban.actions               [5140]: INFO       Set banTime = 86400 2015-04-27 \
14:02:12,525 fail2ban.filter                 [5140]: INFO       Set findtime = 600 \
2015-04-27 14:02:12,657 fail2ban.jail                     [5140]: INFO       Jail \
'asterisk' started 2015-04-27 14:02:13,476 fail2ban.actions               [5140]: \
NOTICE   [asterisk] Ban 212.129.1.26 2015-04-27 14:02:14,311 fail2ban.actions         \
[5140]: NOTICE   [asterisk] Ban 212.83.187.182  Now if I reboot machine (important, \
not restarting service, rebooting server!) I get  ERRORS in fail2ban.logIt seems that \
fail2ban doesn't do permanent (or at least should do permanent) rules in firewalld. \
Can somebody help with WHAT need to be set/changed to get banning working ?   \
2015-04-27 14:03:40,109 fail2ban.server                 [5140]: INFO       Stopping \
all jails 2015-04-27 14:03:41,074 fail2ban.actions               [5140]: NOTICE   \
[asterisk] Unban 212.129.1.26 2015-04-27 14:03:41,285 fail2ban.actions               \
[5140]: NOTICE   [asterisk] Unban 212.83.187.182 2015-04-27 14:03:41,915 \
fail2ban.action                 [5140]: ERROR     firewall-cmd --direct --remove-rule \
ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set \
fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable ipset flush \
fail2ban-asterisk-udp ipset destroy fail2ban-asterisk-udp -- stdout: 'Not using \
slip\n' 2015-04-27 14:03:41,915 fail2ban.action                 [5140]: ERROR     \
firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m multiport --dports \
5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT --reject-with \
icmp-port-unreachable ipset flush fail2ban-asterisk-udp
ipset destroy fail2ban-asterisk-udp -- stderr: 'Traceback (most recent call last):\n  \
File "/usr/bin/firewall-cmd", line 703, in <module>\n       fw = FirewallClient()\n   \
File "<string>", line 2, in __init__\n   File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in \
handle_exceptions\n       return func(*args, **kwargs)\n   File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n       \
self.bus = dbus.SystemBus()\n   File \
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n       \
private=private)\n   File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line \
100, in __new__\n       bus = BusConnection.__new__(subclass, bus_type, \
mainloop=mainloop)\n   File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line \
122, in __new__\n       bus = cls._new_for_bus(address_or_type, \
mainloop=mainloop)\ndbus.exceptions.DBusException: \
org.freedesktop.DBus.Error.NoServer: Failed to connect to socket \
/var/run/dbus/system_bus_socket: Connection refused\nipset v6.19: Set cannot be \
destroyed: it is in use by a kernel component\n' 2015-04-27 14:03:41,915 \
fail2ban.action                 [5140]: ERROR     firewall-cmd --direct --remove-rule \
ipv4 filter INPUT 0 -p udp -m multiport --dports 5060,5061 -m set --match-set \
fail2ban-asterisk-udp src -j REJECT --reject-with icmp-port-unreachable ipset flush \
fail2ban-asterisk-udp ipset destroy fail2ban-asterisk-udp -- returned 1
2015-04-27 14:03:41,915 fail2ban.actions               [5140]: ERROR     Failed to \
stop jail 'asterisk' action 'firewallcmd-ipset-udp': Error stopping action 2015-04-27 \
14:03:42,222 fail2ban.action                 [5140]: ERROR     firewall-cmd --direct \
--remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports 5060,5061 -m set \
--match-set fail2ban-asterisk-tcp src -j REJECT --reject-with icmp-port-unreachable \
ipset flush fail2ban-asterisk-tcp ipset destroy fail2ban-asterisk-tcp -- stdout: 'Not \
using slip\n' 2015-04-27 14:03:42,222 fail2ban.action                 [5140]: ERROR   \
firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports \
5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT --reject-with \
icmp-port-unreachable ipset flush fail2ban-asterisk-tcp
ipset destroy fail2ban-asterisk-tcp -- stderr: 'Traceback (most recent call last):\n  \
File "/usr/bin/firewall-cmd", line 703, in <module>\n       fw = FirewallClient()\n   \
File "<string>", line 2, in __init__\n   File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in \
handle_exceptions\n       return func(*args, **kwargs)\n   File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in __init__\n       \
self.bus = dbus.SystemBus()\n   File \
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in __new__\n       \
private=private)\n   File "/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line \
100, in __new__\n       bus = BusConnection.__new__(subclass, bus_type, \
mainloop=mainloop)\n   File "/usr/lib64/python2.7/site-packages/dbus/bus.py", line \
122, in __new__\n       bus = cls._new_for_bus(address_or_type, \
mainloop=mainloop)\ndbus.exceptions.DBusException: \
org.freedesktop.DBus.Error.NoServer: Failed to connect to socket \
/var/run/dbus/system_bus_socket: Connection refused\nipset v6.19: Set cannot be \
destroyed: it is in use by a kernel component\n' 2015-04-27 14:03:42,222 \
fail2ban.action                 [5140]: ERROR     firewall-cmd --direct --remove-rule \
ipv4 filter INPUT 0 -p tcp -m multiport --dports 5060,5061 -m set --match-set \
fail2ban-asterisk-tcp src -j REJECT --reject-with icmp-port-unreachable ipset flush \
fail2ban-asterisk-tcp ipset destroy fail2ban-asterisk-tcp -- returned 1
2015-04-27 14:03:42,223 fail2ban.actions               [5140]: ERROR     Failed to \
stop jail 'asterisk' action 'firewallcmd-ipset-tcp': Error stopping action 2015-04-27 \
14:03:42,223 fail2ban.jail                     [5140]: INFO       Jail 'asterisk' \
stopped 2015-04-27 14:03:42,230 fail2ban.server                 [5140]: INFO       \
Exiting Fail2ban  


[Attachment #5 (text/html)]

<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, \
Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div \
id="yui_3_16_0_1_1430160869688_2495" dir="ltr">Hello list,</div><div \
id="yui_3_16_0_1_1430160869688_2496" dir="ltr">&nbsp;</div><div \
id="yui_3_16_0_1_1430160869688_2497" dir="ltr">I installed Fail2Ban - yum install \
fail2ban, gave me v0.9.1</div><div id="yui_3_16_0_1_1430160869688_2823" \
dir="ltr">This is Asterisk system, all I need is to block password attempts for \
asterisk.</div><div dir="ltr">I'm NEW to Linux, so I'm just looking forward, i.e. \
CentOS7, systemd, firewalld...</div><div id="yui_3_16_0_1_1430160869688_2498" \
dir="ltr">&nbsp;</div><div id="yui_3_16_0_1_1430160869688_2569" dir="ltr">The only \
thing I did is configured<strong> jail.local</strong> like so:<br></div><div \
id="yui_3_16_0_1_1430160869688_2571" dir="ltr"><font \
id="yui_3_16_0_1_1430160869688_2528" face="Menlo-Regular" \
size="3">[DEFAULT]<br>banaction = firewallcmd-ipset<br>destemail = <a \
href="mailto:ivan@sss.com">ivan@sss.com</a><br>backend = polling ;This option FIXED \
issue with CRITICAL crash on startup and fail2ban.log started to look as it should \
be</font></div><div id="yui_3_16_0_1_1430160869688_2570"><font face="Times New \
Roman"></font>&nbsp;</div><div id="yui_3_16_0_1_1430160869688_2719"><font \
id="yui_3_16_0_1_1430160869688_2565" face="Menlo-Regular" \
size="3">[asterisk]<br>enabled = true<br>logpath&nbsp; = \
/var/log/asterisk/messages<br>maxretry = 5<br>bantime = 86400</font></div><div \
id="yui_3_16_0_1_1430160869688_2718"><font face="Times New \
Roman"></font>&nbsp;</div><div id="yui_3_16_0_1_1430160869688_2736" dir="ltr">Main \
issue. Log looks correct but even from log you can tell it's not banning. Something \
going on with firewalld. No errors, but it's not taking those rules?</div><div \
id="yui_3_16_0_1_1430160869688_2744" dir="ltr">Basically, looks like part of fail2ban \
which detects and takes on action works correctly, but actual "ban" part not working \
without any error?</div><div dir="ltr">&nbsp;</div><div \
id="yui_3_16_0_1_1430160869688_2735" dir="ltr">2015-04-27 13:56:13,241 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: NOTICE&nbsp; \
[asterisk] 212.129.1.26 already banned<br>2015-04-27 13:56:57,514 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26<br>2015-04-27 13:57:10,552 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26<br>2015-04-27 13:57:30,600 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26<br>2015-04-27 13:58:45,766 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26<br>2015-04-27 13:59:17,840 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26<br>2015-04-27 13:59:18,672 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: NOTICE&nbsp; \
[asterisk] 212.129.1.26 already banned<br>2015-04-27 13:59:49,926 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26<br>2015-04-27 14:00:24,002 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; [asterisk] Found 212.129.1.26</div><div \
id="yui_3_16_0_1_1430160869688_2734" dir="ltr">&nbsp;</div><div \
id="yui_3_16_0_1_1430160869688_2698" dir="ltr"><font \
id="yui_3_16_0_1_1430160869688_2752" face="Times New Roman">If I restart service - \
service fail2ban restart - here is what I get, everything looks great, and I even get \
email (issue with sender was solved in other email)</font></div><div \
id="yui_3_16_0_1_1430160869688_2773" dir="ltr"><font \
id="yui_3_16_0_1_1430160869688_2776" face="Times New Roman">2015-04-27 14:02:10,982 \
fail2ban.server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; Stopping all jails<br>2015-04-27 14:02:11,079 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: NOTICE&nbsp; \
[asterisk] Unban 212.129.1.26<br>2015-04-27 14:02:11,291 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: NOTICE&nbsp; \
[asterisk] Unban 212.83.187.182<br>2015-04-27 14:02:12,228 \
fail2ban.jail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; Jail 'asterisk' stopped<br>2015-04-27 14:02:12,239 \
fail2ban.server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [2944]: \
INFO&nbsp;&nbsp;&nbsp; Exiting Fail2ban<br>2015-04-27 14:02:12,477 \
fail2ban.server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Changed logging target to /var/log/fail2ban.log for Fail2ban \
v0.9.1<br>2015-04-27 14:02:12,478 \
fail2ban.database&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: INFO&nbsp;&nbsp;&nbsp; \
Connected to fail2ban persistent database \
'/var/lib/fail2ban/fail2ban.sqlite3'<br>2015-04-27 14:02:12,485 \
fail2ban.jail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Creating new jail 'asterisk'<br>2015-04-27 14:02:12,485 \
fail2ban.jail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Jail 'asterisk' uses poller<br>2015-04-27 14:02:12,511 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Set jail log file encoding to UTF-8<br>2015-04-27 14:02:12,512 \
fail2ban.jail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Initiated 'polling' backend<br>2015-04-27 14:02:12,521 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Added logfile = /var/log/asterisk/messages<br>2015-04-27 \
14:02:12,522 fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Set maxRetry = 5<br>2015-04-27 14:02:12,523 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Set jail log file encoding to UTF-8<br>2015-04-27 14:02:12,524 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Set banTime = 86400<br>2015-04-27 14:02:12,525 \
fail2ban.filter&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Set findtime = 600<br>2015-04-27 14:02:12,657 \
fail2ban.jail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Jail 'asterisk' started<br>2015-04-27 14:02:13,476 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: NOTICE&nbsp; \
[asterisk] Ban 212.129.1.26<br>2015-04-27 14:02:14,311 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: NOTICE&nbsp; \
[asterisk] Ban 212.83.187.182<br></font></div><div \
id="yui_3_16_0_1_1430160869688_2774" dir="ltr"><font face="Times New \
Roman"></font>&nbsp;</div><div id="yui_3_16_0_1_1430160869688_2775"><font face="Times \
New Roman"></font>&nbsp;</div><div id="yui_3_16_0_1_1430160869688_2699" dir="ltr">Now \
if I reboot machine (important, not restarting service, rebooting server!) I \
get&nbsp;ERRORS in fail2ban.log</div><div id="yui_3_16_0_1_1430160869688_2798" \
dir="ltr">It seems that fail2ban doesn't do permanent (or at least should do \
permanent) rules in firewalld. Can somebody help with WHAT need to be set/changed to \
get banning working ? </div><div id="yui_3_16_0_1_1430160869688_2813" \
dir="ltr">&nbsp;</div><div id="yui_3_16_0_1_1430160869688_2815" dir="ltr">2015-04-27 \
14:03:40,109 fail2ban.server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Stopping all jails<br>2015-04-27 14:03:41,074 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: NOTICE&nbsp; \
[asterisk] Unban 212.129.1.26<br>2015-04-27 14:03:41,285 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: NOTICE&nbsp; \
[asterisk] Unban 212.83.187.182<br>2015-04-27 14:03:41,915 \
fail2ban.action&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
ERROR&nbsp;&nbsp; firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m \
multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT \
--reject-with icmp-port-unreachable<br>ipset flush fail2ban-asterisk-udp<br>ipset \
destroy fail2ban-asterisk-udp -- stdout: 'Not using slip\n'<br>2015-04-27 \
14:03:41,915 fail2ban.action&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
ERROR&nbsp;&nbsp; firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m \
multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT \
--reject-with icmp-port-unreachable<br>ipset flush fail2ban-asterisk-udp<br>ipset \
destroy fail2ban-asterisk-udp -- stderr: 'Traceback (most recent call last):\n&nbsp; \
File "/usr/bin/firewall-cmd", line 703, in &lt;module&gt;\n&nbsp;&nbsp;&nbsp; fw = \
FirewallClient()\n&nbsp; File "&lt;string&gt;", line 2, in __init__\n&nbsp; File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in \
handle_exceptions\n&nbsp;&nbsp;&nbsp; return func(*args, **kwargs)\n&nbsp; File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in \
__init__\n&nbsp;&nbsp;&nbsp; self.bus = dbus.SystemBus()\n&nbsp; File \
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in \
__new__\n&nbsp;&nbsp;&nbsp; private=private)\n&nbsp; File \
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 100, in \
__new__\n&nbsp;&nbsp;&nbsp; bus = BusConnection.__new__(subclass, bus_type, \
mainloop=mainloop)\n&nbsp; File "/usr/lib64/python2.7/site-packages/dbus/bus.py", \
line 122, in __new__\n&nbsp;&nbsp;&nbsp; bus = cls._new_for_bus(address_or_type, \
mainloop=mainloop)\ndbus.exceptions.DBusException: \
org.freedesktop.DBus.Error.NoServer: Failed to connect to socket \
/var/run/dbus/system_bus_socket: Connection refused\nipset v6.19: Set cannot be \
destroyed: it is in use by a kernel component\n'<br>2015-04-27 14:03:41,915 \
fail2ban.action&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
ERROR&nbsp;&nbsp; firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p udp -m \
multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-udp src -j REJECT \
--reject-with icmp-port-unreachable<br>ipset flush fail2ban-asterisk-udp<br>ipset \
destroy fail2ban-asterisk-udp -- returned 1<br>2015-04-27 14:03:41,915 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: ERROR&nbsp;&nbsp; \
Failed to stop jail 'asterisk' action 'firewallcmd-ipset-udp': Error stopping \
action<br>2015-04-27 14:03:42,222 \
fail2ban.action&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
ERROR&nbsp;&nbsp; firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m \
multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT \
--reject-with icmp-port-unreachable<br>ipset flush fail2ban-asterisk-tcp<br>ipset \
destroy fail2ban-asterisk-tcp -- stdout: 'Not using slip\n'<br>2015-04-27 \
14:03:42,222 fail2ban.action&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
ERROR&nbsp;&nbsp; firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m \
multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT \
--reject-with icmp-port-unreachable<br>ipset flush fail2ban-asterisk-tcp<br>ipset \
destroy fail2ban-asterisk-tcp -- stderr: 'Traceback (most recent call last):\n&nbsp; \
File "/usr/bin/firewall-cmd", line 703, in &lt;module&gt;\n&nbsp;&nbsp;&nbsp; fw = \
FirewallClient()\n&nbsp; File "&lt;string&gt;", line 2, in __init__\n&nbsp; File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 52, in \
handle_exceptions\n&nbsp;&nbsp;&nbsp; return func(*args, **kwargs)\n&nbsp; File \
"/usr/lib/python2.7/site-packages/firewall/client.py", line 1594, in \
__init__\n&nbsp;&nbsp;&nbsp; self.bus = dbus.SystemBus()\n&nbsp; File \
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 194, in \
__new__\n&nbsp;&nbsp;&nbsp; private=private)\n&nbsp; File \
"/usr/lib64/python2.7/site-packages/dbus/_dbus.py", line 100, in \
__new__\n&nbsp;&nbsp;&nbsp; bus = BusConnection.__new__(subclass, bus_type, \
mainloop=mainloop)\n&nbsp; File "/usr/lib64/python2.7/site-packages/dbus/bus.py", \
line 122, in __new__\n&nbsp;&nbsp;&nbsp; bus = cls._new_for_bus(address_or_type, \
mainloop=mainloop)\ndbus.exceptions.DBusException: \
org.freedesktop.DBus.Error.NoServer: Failed to connect to socket \
/var/run/dbus/system_bus_socket: Connection refused\nipset v6.19: Set cannot be \
destroyed: it is in use by a kernel component\n'<br>2015-04-27 14:03:42,222 \
fail2ban.action&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
ERROR&nbsp;&nbsp; firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -p tcp -m \
multiport --dports 5060,5061 -m set --match-set fail2ban-asterisk-tcp src -j REJECT \
--reject-with icmp-port-unreachable<br>ipset flush fail2ban-asterisk-tcp<br>ipset \
destroy fail2ban-asterisk-tcp -- returned 1<br>2015-04-27 14:03:42,223 \
fail2ban.actions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: ERROR&nbsp;&nbsp; \
Failed to stop jail 'asterisk' action 'firewallcmd-ipset-tcp': Error stopping \
action<br>2015-04-27 14:03:42,223 \
fail2ban.jail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Jail 'asterisk' stopped<br>2015-04-27 14:03:42,230 \
fail2ban.server&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [5140]: \
INFO&nbsp;&nbsp;&nbsp; Exiting Fail2ban<br></div><div \
id="yui_3_16_0_1_1430160869688_2721" dir="ltr">&nbsp;</div></div></body></html>



------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic