Bug 922281 - fail2ban ERROR iptables ... returned 300
Status: CLOSED DUPLICATE of bug 916727
Product: Fedora EPEL
Classification: Fedora
Component: fail2ban
Version: el6
Hardware: Unspecified
OS: Linux
Assignee: Adam Miller
QA Contact: Fedora Extras Quality Assurance
 
Reported: 2013-03-15 23:23 UTC by Dominik 'Rathann' Mierzejewski
Modified: 2013-04-04 07:06 UTC (History)

Last Closed: 2013-03-16 02:32:27 UTC
Type: Bug

Description Dominik 'Rathann' Mierzejewski 2013-03-15 23:23:28 UTC
Description of problem:
fail2ban fails to call iptables properly due to mangled commands.

Version-Release number of selected component (if applicable):
fail2ban-0.8.8-3.el6.noarch

How reproducible:
Always

Steps to Reproduce:
1. configure ssh-iptables jail
2. service fail2ban start
  
Actual results:
Mar 16 00:10:08 mokona fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300
Mar 16 00:10:08 mokona fail2ban.actions.action: ERROR  iptables -N fail2ban-sasl#012iptables -A fail2ban-sasl -j RETURN#012iptables -I INPUT -p tcp --dport imaps -j fail2ban-sasl returned 300

Expected results:
No errors, successful iptables setup.

Additional info:
This might be related to bug 905097, as I'm still seeing weird characters in syslog:
Mar 16 00:10:07 mokona <BF><30>fail2ban.filter : INFO   Added logfile = /var/log/secure
Mar 16 00:10:07 mokona <BF><30>fail2ban.filter : INFO   Set maxRetry = 5
Mar 16 00:10:07 mokona <BF><30>fail2ban.filter : INFO   Set findtime = 900
...
Mar 16 00:10:08 mokona <BF><30>fail2ban.filter : INFO   Added logfile = /var/log/maillog
Mar 16 00:10:08 mokona <BF><30>fail2ban.filter : INFO   Set maxRetry = 3
Mar 16 00:10:08 mokona <BF><30>fail2ban.filter : INFO   Set findtime = 900

Comment 1 Dominik 'Rathann' Mierzejewski 2013-03-15 23:25:12 UTC
My ssh-iptables jail config:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@myserver]
logpath  = /var/log/secure
maxretry = 5

Comment 2 Orion Poplawski 2013-03-16 02:32:27 UTC
Looks like a SELinux issue

*** This bug has been marked as a duplicate of bug 916727 ***

Comment 3 Ivo Schooneman 2013-04-04 07:06:45 UTC
restorecon -R -v /sbin/

That will repair the context of /sbin/iptables-multi-1.4.7
Now it works ;)
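
Added example, not part of the original bug report and not fail2ban's own code: a Python parser for the fail2ban ERROR lines quoted under "Actual results". It decodes the `#012` sequences, which are rsyslog's octal escape for the newline between the action's commands, and returns each command with the logged return value. The function names and the tolerance for a `<BF><30>`-style prefix are assumptions of this example.

```python
import re

# Constructed sample: first "Actual results" line from the report above.
SAMPLE = (
    "Mar 16 00:10:08 mokona fail2ban.actions.action: ERROR  "
    "iptables -N fail2ban-SSH#012iptables -A fail2ban-SSH -j RETURN#012"
    "iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 300"
)

# Syslog header, optional <XX> byte debris (as in the INFO lines of the report),
# fail2ban logger name, ERROR level, then "<action text> returned <value>".
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?:<[0-9A-F]{2}>)*"
    r"(?P<logger>fail2ban\.[\w.]+)\s*:\s+ERROR\s+"
    r"(?P<action>.*)\sreturned\s(?P<value>[0-9a-fA-F]+)$"
)
ESCAPE_RE = re.compile(r"#([0-7]{3})")


def unescape_syslog(text):
    """Undo rsyslog's #ooo escaping, but only for control characters."""
    def decode(m):
        ch = chr(int(m.group(1), 8))
        return ch if ch < " " or ch == "\x7f" else m.group(0)
    return ESCAPE_RE.sub(decode, text)


def parse_failed_action(line):
    """Return host, logger, individual commands and logged value, or None."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    commands = [c.strip() for c in unescape_syslog(m.group("action")).splitlines()
                if c.strip()]
    return {
        "host": m.group("host"),
        "logger": m.group("logger"),
        "commands": commands,
        "binaries": sorted({c.split()[0] for c in commands}),
        "value": m.group("value"),  # kept as logged, not interpreted
    }


if __name__ == "__main__":
    result = parse_failed_action(SAMPLE)
    for cmd in result["commands"]:
        print(cmd)
    print("returned", result["value"], "binaries:", result["binaries"])
```

The `binaries` list names the executables the failed action tried to run, which are the ones whose SELinux context is worth checking before a `restorecon` like the one in Comment 3.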

