Bug 922281

Summary: fail2ban ERROR iptables ... returned 300
Product: [Fedora] Fedora EPEL
Reporter: Dominik 'Rathann' Mierzejewski <dominik>
Component: fail2ban
Assignee: Adam Miller <admiller>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: el6
CC: admiller, ivo, orion
Hardware: Unspecified
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-03-16 02:32:27 UTC
Type: Bug

Description Dominik 'Rathann' Mierzejewski 2013-03-15 23:23:28 UTC
Description of problem:
fail2ban fails to call iptables properly due to mangled commands.

Version-Release number of selected component (if applicable):
fail2ban-0.8.8-3.el6.noarch

How reproducible:
Always

Steps to Reproduce:
1. configure ssh-iptables jail
2. service fail2ban start
  
Actual results:
Mar 16 00:10:08 mokona fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Mar 16 00:10:08 mokona fail2ban.actions.action: ERROR  iptables -N fail2ban-sasl#012iptables -A fail2ban-sasl -j RETURN#012iptables -I INPUT -p tcp --dport imaps -j fail2ban-sasl returned 300

Expected results:
No errors, successful iptables setup.

Additional info:
This might be related to bug 905097, as I'm still seeing weird characters in syslog:
Mar 16 00:10:07 mokona <BF><30>fail2ban.filter : INFO   Added logfile = /var/log/secure
Mar 16 00:10:07 mokona <BF><30>fail2ban.filter : INFO   Set maxRetry = 5
Mar 16 00:10:07 mokona <BF><30>fail2ban.filter : INFO   Set findtime = 900
...
Mar 16 00:10:08 mokona <BF><30>fail2ban.filter : INFO   Added logfile = /var/log/maillog
Mar 16 00:10:08 mokona <BF><30>fail2ban.filter : INFO   Set maxRetry = 3
Mar 16 00:10:08 mokona <BF><30>fail2ban.filter : INFO   Set findtime = 900

Comment 1 Dominik 'Rathann' Mierzejewski 2013-03-15 23:25:12 UTC
My ssh-iptables jail config:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@myserver]
logpath  = /var/log/secure
maxretry = 5

Comment 2 Orion Poplawski 2013-03-16 02:32:27 UTC
Looks like a SELinux issue

*** This bug has been marked as a duplicate of bug 916727 ***

Comment 3 Ivo Schooneman 2013-04-04 07:06:45 UTC
restorecon -R -v /sbin/

That will repair the context of /sbin/iptables-multi-1.4.7
Now it works ;)
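
For triaging lines like the two ERROR entries in the description, here is an added example (not from this bug thread or from fail2ban) that undoes rsyslog's `#012` octal escaping of the newlines in the multi-line action command and splits out the returned value. It assumes the trailing number is the hexadecimal wait status of os.system(), so 300 reads as exit status 3; the function names are hypothetical.

```python
import re

# Constructed sample: the first ERROR line from the report, as it appears in syslog.
SAMPLE = ("Mar 16 00:10:08 mokona fail2ban.actions.action: ERROR  "
          "iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012"
          "iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300")

ERROR_RE = re.compile(
    r"fail2ban\.actions\.action: ERROR\s+(?P<cmd>.*) returned (?P<rc>[0-9a-fA-F]+)$")
ESCAPE_RE = re.compile(r"#([0-7]{3})")


def unescape_rsyslog(text):
    """Turn rsyslog's #ooo escapes back into the control characters they replaced."""
    def repl(match):
        value = int(match.group(1), 8)
        # rsyslog only escapes control characters; leave any other "#ddd" alone.
        if value < 0x20 or value == 0x7F:
            return chr(value)
        return match.group(0)
    return ESCAPE_RE.sub(repl, text)


def parse_action_error(line):
    """Return (commands, exit_status, signal) for an action ERROR line, else None."""
    match = ERROR_RE.search(line.rstrip("\n"))
    if match is None:
        return None
    script = unescape_rsyslog(match.group("cmd"))
    commands = [c.strip() for c in script.splitlines() if c.strip()]
    # Assumption: the value is an os.system() wait status printed in hex,
    # so the high byte is the exit status and the low 7 bits a signal number.
    status = int(match.group("rc"), 16)
    return commands, status >> 8, status & 0x7F


if __name__ == "__main__":
    commands, exit_status, signal = parse_action_error(SAMPLE)
    for number, command in enumerate(commands, 1):
        print("%d: %s" % (number, command))
    print("exit status %d, signal %d" % (exit_status, signal))
```

Read this way, the logged text is three separate iptables commands joined by newlines, which the syslog daemon rendered as `#012`.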