nftables failed to cooperate with fail2ban...
2CheolU opened this issue · 1 comments
jail.conf
# Excerpt of a fail2ban jail configuration: two jails, both set to ban through nftables actions.
[sshd]
enabled = true
# Two ports are listed; the nft listing on this page shows them as "tcp dport { ssh, 9022 }".
port = 22,9022
# 1h corresponds to the "banTime: 3600" lines in fail2ban.log.
bantime = 1h
# Matches the "maxRetry: 5" lines in fail2ban.log.
maxretry = 5
# Commented out, so this line sets no ignore list. The same address appears in
# fail2ban.log as the one the ASTERISK jail tries to ban.
#ignoreip = 19.19.20.43
banaction = nftables-multiport
banaction_allports = nftables-allports
# No port, filter or logpath is shown for this jail in the excerpt; fail2ban.log shows it
# reading '/var/log/asterisk/security', so the rest is presumably defined elsewhere.
[ASTERISK]
enabled = true
bantime = 1h
maxretry = 5
# NOTE(review): fail2ban.log reports the failing ASTERISK action as 'nftables-allports',
# not the multiport action named here; the excerpt shows no `action =` line that would
# select it. Confirm against the full jail configuration.
banaction = nftables-multiport
# NOTE(review): the rejected command in fail2ban.log contains `meta l4proto all`;
# presumably the jail's protocol resolves to "all". Confirm the `protocol` setting.
banaction_allports = nftables-allports
nft list table fail2ban
(fail2ban table name)
# Listing of the IPv4 table named fail2ban; the "# handle N" suffixes are part of the original output.
table ip fail2ban { # handle 229
# Neither set lists any elements, so at the time of this listing no address was in a ban set
# and the two "ip saddr @set drop" rules below had nothing to match.
set f2b-ASTERISK { # handle 4
type ipv4_addr
}
set f2b-sshd { # handle 5
type ipv4_addr
}
chain input { # handle 1
# Policy is accept: a packet that no rule in this chain drops is accepted by it.
type filter hook input priority 0; policy accept;
# Handles 8 and 10 are the same jump to f2b-sshd, present twice.
counter packets 25070 bytes 4424719 jump f2b-sshd # handle 8
# Drops only UDP to sip and 10000-20000 from addresses in f2b-ASTERISK. This is a
# port-specific rule, not the all-ports rule that fail2ban.log shows failing to load.
udp dport { sip, 10000-20000 } ip saddr @f2b-ASTERISK drop # handle 9
counter packets 5665 bytes 944892 jump f2b-sshd # handle 10
# Drops TCP to ssh and 9022 from addresses in f2b-sshd.
tcp dport { ssh, 9022 } ip saddr @f2b-sshd drop # handle 11
}
# This chain only counts packets and returns; it drops nothing itself.
chain f2b-sshd { # handle 2
counter packets 30904 bytes 5383849 return # handle 12
}
# No rule in the input chain above jumps here, and the counter is zero.
chain f2b-ASTERISK { # handle 3
counter packets 0 bytes 0 return # handle 13
}
}
fail2ban.log
2019-11-12 11:47:34,537 fail2ban.server [15189]: INFO --------------------------------------------------
2019-11-12 11:47:34,537 fail2ban.server [15189]: INFO Starting Fail2ban v0.10.4
2019-11-12 11:47:34,543 fail2ban.database [15189]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-11-12 11:47:34,544 fail2ban.jail [15189]: INFO Creating new jail 'sshd'
2019-11-12 11:47:34,557 fail2ban.jail [15189]: INFO Jail 'sshd' uses systemd {}
2019-11-12 11:47:34,558 fail2ban.jail [15189]: INFO Initiated 'systemd' backend
2019-11-12 11:47:34,559 fail2ban.filter [15189]: INFO maxLines: 1
2019-11-12 11:47:34,592 fail2ban.filtersystemd [15189]: INFO [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2019-11-12 11:47:34,592 fail2ban.filter [15189]: INFO maxRetry: 5
2019-11-12 11:47:34,593 fail2ban.filter [15189]: INFO encoding: UTF-8
2019-11-12 11:47:34,594 fail2ban.jail [15189]: INFO Creating new jail 'ASTERISK'
2019-11-12 11:47:34,602 fail2ban.jail [15189]: INFO Jail 'ASTERISK' uses pyinotify {}
2019-11-12 11:47:34,605 fail2ban.jail [15189]: INFO Initiated 'pyinotify' backend
2019-11-12 11:47:34,621 fail2ban.filter [15189]: INFO maxRetry: 5
2019-11-12 13:50:21,080 fail2ban.actions [16260]: INFO banTime: 3600
2019-11-12 13:50:21,081 fail2ban.filter [16260]: INFO encoding: UTF-8
2019-11-12 13:50:21,081 fail2ban.jail [16260]: INFO Creating new jail 'ASTERISK'
2019-11-12 13:50:21,089 fail2ban.jail [16260]: INFO Jail 'ASTERISK' uses pyinotify {}
2019-11-12 13:50:21,093 fail2ban.jail [16260]: INFO Initiated 'pyinotify' backend
2019-11-12 13:50:21,108 fail2ban.filter [16260]: INFO maxRetry: 5
2019-11-12 13:50:21,109 fail2ban.filter [16260]: INFO findtime: 600
2019-11-12 13:50:21,109 fail2ban.actions [16260]: INFO banTime: 3600
2019-11-12 13:50:21,109 fail2ban.filter [16260]: INFO encoding: UTF-8
2019-11-12 13:50:21,110 fail2ban.filter [16260]: INFO Added logfile: '/var/log/asterisk/security' (pos = 496567, hash = 1604fd21935e1203261c5d823e388d804d316c46)
2019-11-12 13:50:21,112 fail2ban.jail [16260]: INFO Creating new jail 'recidive'
2019-11-12 13:50:21,112 fail2ban.jail [16260]: INFO Jail 'recidive' uses pyinotify {}
2019-11-12 13:50:21,115 fail2ban.jail [16260]: INFO Initiated 'pyinotify' backend
2019-11-12 13:50:21,122 fail2ban.server [16260]: INFO Jail recidive is not a JournalFilter instance
2019-11-12 13:50:21,122 fail2ban.filter [16260]: INFO maxRetry: 3
2019-11-12 13:50:21,122 fail2ban.filter [16260]: INFO findtime: 86400
2019-11-12 13:50:21,123 fail2ban.actions [16260]: INFO banTime: 86400
2019-11-12 13:50:21,123 fail2ban.filter [16260]: INFO encoding: UTF-8
2019-11-12 13:50:21,124 fail2ban.filter [16260]: INFO Added logfile: '/var/log/fail2ban.log' (pos = 239881, hash = 3f7c7b000305d0dcea7817f9c73ce9bb57d5d6aa)
2019-11-12 13:50:21,128 fail2ban.jail [16260]: INFO Jail 'sshd' started
2019-11-12 13:50:21,134 fail2ban.jail [16260]: INFO Jail 'ASTERISK' started
2019-11-12 13:50:21,139 fail2ban.jail [16260]: INFO Jail 'recidive' started
2019-11-12 13:50:21,185 fail2ban.actions [16260]: NOTICE [ASTERISK] Restore Ban 19.19.20.43
2019-11-12 13:50:21,195 fail2ban.utils [16260]: #39-Lev. 7ffb06c90570 -- exec: nft add set ip fail2ban f2b-ASTERISK { type ipv4_addr; }
nft insert rule ip fail2ban input meta l4proto all ip saddr @f2b-ASTERISK drop
2019-11-12 13:50:21,195 fail2ban.utils [16260]: ERROR 7ffb06c90570 -- stderr: 'Error: syntax error, unexpected all'
2019-11-12 13:50:21,196 fail2ban.utils [16260]: ERROR 7ffb06c90570 -- stderr: 'insert rule ip fail2ban input meta l4proto all ip saddr @f2b-ASTERISK drop'
2019-11-12 13:50:21,201 fail2ban.utils [16260]: ERROR 7ffb06c90570 -- stderr: ' ^^^'
2019-11-12 13:50:21,211 fail2ban.utils [16260]: ERROR 7ffb06c90570 -- returned 1
2019-11-12 13:50:21,214 fail2ban.actions [16260]: ERROR Failed to execute ban jail 'ASTERISK' action 'nftables-allports' info 'ActionInfo({'ip': '19.19.20.43', 'family': 'inet4', 'fid': <function Actions.ActionInfo. at 0x7ffb076b3840>, 'raw-ticket': <function Actions.ActionInfo. at 0x7ffb076b3d90>})': Error starting action Jail('ASTERISK')/nftables-allports
2019-11-12 13:50:46,256 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:46
2019-11-12 13:50:49,201 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:49
2019-11-12 13:50:49,201 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:49
2019-11-12 13:50:49,228 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:49
2019-11-12 13:50:52,240 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:52
2019-11-12 13:50:52,240 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:52
2019-11-12 13:50:52,251 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:52
2019-11-12 13:50:52,445 fail2ban.actions [16260]: NOTICE [ASTERISK] 19.19.20.43 already banned
2019-11-12 13:50:55,279 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:55
2019-11-12 13:50:55,280 fail2ban.filter [16260]: INFO [ASTERISK] Found 19.19.20.43 - 2019-11-12 13:50:55
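I'm wondering why the firewall ban is failing and why these errors are being logged. The log shows the nft command for the ASTERISK ban being rejected with a syntax error ("unexpected all"), yet fail2ban afterwards reports the same address as "already banned" while it keeps appearing in "Found" lines.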
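You’re posting this in the wrong place. The google/nftables repository is a Go package for programmatically interacting with nftables; it is not affiliated with the nftables developers in any way. The rejected `nft insert rule … meta l4proto all …` command in your log is issued by fail2ban's nftables-allports action, so the fail2ban project is the more likely place for this report.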