Fail2Ban "Protocol = all" errors

Bug #1556644 reported by Brady Shea
This bug affects 1 person
Affects: fail2ban (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

14.04 "Trusty"
uname = 3.19.0-25-generic #26~14.04.1-Ubuntu SMP x86_64
fail2ban version 0.8.11-1
iptables version 1.4.21-1ubuntu1
=-=-=-=
I just put this server up last week - just a postfix/mail box mostly.
My jails are all default/default filters..

Haven't had a chance to try and reproduce on other servers, but simply adding:
protocol = all

Gives me errors for all jails. Changing back to 'tcp' does not.

Test - add this under your jail.local:
Under [DEFAULT]
Just change 'protocol = tcp' to 'protocol = all' (or 0)

It also errors on a jail by jail basis = Add "protocol = all" under a specific jail.

Log sample when set to 'all':
2016-03-13 17:36:21,397 fail2ban.jail : INFO Jail 'ssh' started
2016-03-13 17:36:21,400 fail2ban.jail : INFO Jail 'postfix' started
2016-03-13 17:36:21,402 fail2ban.jail : INFO Jail 'sasl' started
2016-03-13 17:36:21,412 fail2ban.actions.action: ERROR iptables -N fail2ban-postfix
iptables -A fail2ban-postfix -j RETURN
iptables -I INPUT -p all -m multiport --dports smtp,ssmtp,submission -j fail2ban-postfix returned 200
2016-03-13 17:36:38,432 fail2ban.actions: WARNING [postfix] Ban (x.x.x.x)
2016-03-13 17:36:38,438 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q 'fail2ban-postfix[ \t]' returned 100
2016-03-13 17:36:38,438 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2016-03-13 17:36:38,453 fail2ban.actions.action: ERROR iptables -N fail2ban-postfix
iptables -A fail2ban-postfix -j RETURN
iptables -I INPUT -p all -m multiport --dports smtp,ssmtp,submission -j fail2ban-postfix returned 200

When protocol = tcp there are no errors - bans work and iptables lists them in the given jail.

Brady Shea (bmatthewshea) wrote :

Seems to be iptables (?)

$ sudo iptables -I INPUT -p all -m multiport --dports smtp,ssmtp,submission -j fail2ban-postfix

iptables v1.4.21: multiport needs `-p tcp', `-p udp', `-p udplite', `-p sctp' or `-p dccp'
Try `iptables -h' or 'iptables --help' for more information.

Note: it does not mention '-p all' ^. So, I assume this is what fail2ban stumbled on.
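
Added example (not part of the bug report and not fail2ban's own code): a small pre-flight check that reads a jail.local and lists enabled jails whose effective protocol is not one the iptables multiport match accepts, per the error message quoted above. The sample configuration is constructed, and the `banaction = iptables-multiport` setting and the `tcp` fallback are assumptions, since the report does not show the reporter's file.

```python
import configparser

# Protocol names the multiport match accepts, per the iptables error above.
# Only names are checked; numeric protocol values are reported as-is.
MULTIPORT_PROTOCOLS = {"tcp", "udp", "udplite", "sctp", "dccp"}

# Constructed sample jail.local (not taken from the reporter's server).
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
banaction = iptables-multiport
protocol = all

[ssh]
enabled = true
port = ssh

[postfix]
enabled = true
port = smtp,ssmtp,submission

[sasl]
enabled = true
protocol = tcp
port = smtp,ssmtp,submission

[apache]
enabled = false
port = http,https
"""

def find_bad_protocols(jail_text):
    """Return sorted (jail, protocol) pairs that a multiport rule would reject."""
    # interpolation=None: fail2ban's %(...)s references are left as raw text.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(jail_text)
    bad = []
    for jail in cfg.sections():  # [DEFAULT] values are inherited by each jail
        if not cfg.getboolean(jail, "enabled", fallback=False):
            continue
        if "multiport" not in cfg.get(jail, "banaction", fallback=""):
            continue
        # Assumed fallback when no protocol is set anywhere: tcp.
        protocol = cfg.get(jail, "protocol", fallback="tcp").strip().lower()
        if protocol not in MULTIPORT_PROTOCOLS:
            bad.append((jail, protocol))
    return sorted(bad)

if __name__ == "__main__":
    for jail, protocol in find_bad_protocols(SAMPLE_JAIL_LOCAL):
        print(f"[{jail}] protocol = {protocol}: not valid with -m multiport")
```

A jail flagged here is one whose chain would not be created at start-up, so its bans would be logged but never enforced, as in the log sample in the bug description.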
