Firewall crashed down after creating a new rule for an IP range object

2017-02-21 20:41:57,649 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,650 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,650 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,650 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,656 fail2ban.jail [19856]: INFO Creating new jail 'apache-shellshock' 2017-02-21 20:41:57,656 fail2ban.jail [19856]: INFO Jail 'apache-shellshock' uses poller {} 2017-02-21 20:41:57,657 fail2ban.jail [19856]: INFO Initiated 'polling' backend 2017-02-21 20:41:57,657 fail2ban.filter [19856]: INFO Added logfile = /var/log/httpd/error_log 2017-02-21 20:41:57,657 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,658 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,658 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,658 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,665 fail2ban.jail [19856]: INFO Creating new jail 'postfix' 2017-02-21 20:41:57,665 fail2ban.jail [19856]: INFO Jail 'postfix' uses systemd {} 2017-02-21 20:41:57,666 fail2ban.jail [19856]: INFO Initiated 'systemd' backend 2017-02-21 20:41:57,666 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,667 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,667 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,667 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,683 fail2ban.filtersystemd [19856]: INFO Added journal match for: '_SYSTEMD_UNIT=postfix.service' 2017-02-21 20:41:57,688 fail2ban.jail [19856]: INFO Creating new jail 'postfix-rbl' 2017-02-21 20:41:57,689 fail2ban.jail [19856]: INFO Jail 'postfix-rbl' uses systemd {} 2017-02-21 20:41:57,689 fail2ban.jail [19856]: INFO Initiated 'systemd' backend 2017-02-21 20:41:57,690 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,690 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,690 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,691 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,698 fail2ban.jail [19856]: INFO Creating new jail 'dovecot' 2017-02-21 20:41:57,698 fail2ban.jail [19856]: INFO Jail 'dovecot' uses systemd {} 2017-02-21 20:41:57,698 fail2ban.jail [19856]: INFO Initiated 'systemd' backend 2017-02-21 20:41:57,699 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,700 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,700 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,700 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,712 fail2ban.filtersystemd [19856]: INFO Added journal match for: '_SYSTEMD_UNIT=dovecot.service' 2017-02-21 20:41:57,718 fail2ban.jail [19856]: INFO Creating new jail 'sieve' 2017-02-21 20:41:57,718 fail2ban.jail [19856]: INFO Jail 'sieve' uses systemd {} 2017-02-21 20:41:57,729 fail2ban.jail [19856]: INFO Initiated 'systemd' backend 2017-02-21 20:41:57,730 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,730 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,731 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,731 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,738 fail2ban.jail [19856]: INFO Creating new jail 'mysqld-auth' 2017-02-21 20:41:57,738 fail2ban.jail [19856]: INFO Jail 'mysqld-auth' uses poller {} 2017-02-21 20:41:57,739 fail2ban.jail [19856]: INFO Initiated 'polling' backend 2017-02-21 20:41:57,739 fail2ban.filter [19856]: INFO Added logfile = /var/log/mariadb/mariadb.log 2017-02-21 20:41:57,739 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,740 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,740 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,740 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,747 fail2ban.jail [19856]: INFO Creating new jail 'recidive' 2017-02-21 20:41:57,747 fail2ban.jail [19856]: INFO Jail 'recidive' uses poller {} 2017-02-21 20:41:57,748 fail2ban.jail [19856]: INFO Initiated 'polling' backend 2017-02-21 20:41:57,748 fail2ban.filter [19856]: INFO Added logfile = /var/log/fail2ban.log 2017-02-21 20:41:57,749 fail2ban.filter [19856]: INFO Set maxRetry = 6 2017-02-21 20:41:57,749 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,749 fail2ban.actions [19856]: INFO Set banTime = 406425600 2017-02-21 20:41:57,749 fail2ban.filter [19856]: INFO Set findtime = 56851200 2017-02-21 20:41:57,751 fail2ban.server [19856]: INFO Jail recidive is not a JournalFilter instance 2017-02-21 20:41:57,756 fail2ban.jail [19856]: INFO Creating new jail 'pam-generic' 2017-02-21 20:41:57,757 fail2ban.jail [19856]: INFO Jail 'pam-generic' uses systemd {} 2017-02-21 20:41:57,757 fail2ban.jail [19856]: INFO Initiated 'systemd' backend 2017-02-21 20:41:57,758 fail2ban.filter [19856]: INFO Set maxRetry = 6 2017-02-21 20:41:57,758 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,758 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,759 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,766 fail2ban.jail [19856]: INFO Creating new jail 'httpd-admin' 2017-02-21 20:41:57,766 fail2ban.jail [19856]: INFO Jail 'httpd-admin' uses poller {} 2017-02-21 20:41:57,767 fail2ban.jail [19856]: INFO Initiated 'polling' backend 2017-02-21 20:41:57,767 fail2ban.filter [19856]: INFO Added logfile = /var/log/httpd-admin/access_log 2017-02-21 20:41:57,768 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,768 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,768 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,768 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,774 fail2ban.jail [19856]: INFO Creating new jail 'apache-scan' 2017-02-21 20:41:57,774 fail2ban.jail [19856]: INFO Jail 'apache-scan' uses poller {} 2017-02-21 20:41:57,775 fail2ban.jail [19856]: INFO Initiated 'polling' backend 2017-02-21 20:41:57,775 fail2ban.filter [19856]: INFO Added logfile = /var/log/httpd/error_log 2017-02-21 20:41:57,775 fail2ban.filter [19856]: INFO Set maxRetry = 3 2017-02-21 20:41:57,776 fail2ban.filter [19856]: INFO Set jail log file encoding to UTF-8 2017-02-21 20:41:57,776 fail2ban.actions [19856]: INFO Set banTime = 1209600 2017-02-21 20:41:57,776 fail2ban.filter [19856]: INFO Set findtime = 604800 2017-02-21 20:41:57,810 fail2ban.jail [19856]: INFO Jail 'sshd' started 2017-02-21 20:41:57,818 fail2ban.jail [19856]: INFO Jail 'sshd-ddos' started 2017-02-21 20:41:57,837 fail2ban.jail [19856]: INFO Jail 'apache-auth' started 2017-02-21 20:41:57,850 fail2ban.jail [19856]: INFO Jail 'apache-badbots' started 2017-02-21 20:41:57,861 fail2ban.jail [19856]: INFO Jail 'apache-noscript' started 2017-02-21 20:41:57,867 fail2ban.jail [19856]: INFO Jail 'apache-overflows' started 2017-02-21 20:41:57,869 fail2ban.jail [19856]: INFO Jail 'apache-nohome' started 2017-02-21 20:41:57,872 fail2ban.jail [19856]: INFO Jail 'apache-botsearch' started 2017-02-21 20:41:57,874 fail2ban.jail [19856]: INFO Jail 'apache-fakegooglebot' started 2017-02-21 20:41:57,875 fail2ban.jail [19856]: INFO Jail 'apache-modsecurity' started 2017-02-21 20:41:57,876 fail2ban.jail [19856]: INFO Jail 'apache-shellshock' started 2017-02-21 20:41:57,877 fail2ban.jail [19856]: INFO Jail 'postfix' started 2017-02-21 20:41:57,878 fail2ban.filtersystemd [19856]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2017-02-21 20:41:57,880 fail2ban.jail [19856]: INFO Jail 'postfix-rbl' started 2017-02-21 20:41:57,886 fail2ban.jail [19856]: INFO Jail 'dovecot' started 2017-02-21 20:41:57,891 fail2ban.filtersystemd [19856]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2017-02-21 20:41:57,893 fail2ban.jail [19856]: INFO Jail 'sieve' started 2017-02-21 20:41:57,901 fail2ban.jail [19856]: INFO Jail 'mysqld-auth' started 2017-02-21 20:41:57,916 fail2ban.jail [19856]: INFO Jail 'recidive' started 2017-02-21 20:41:57,923 fail2ban.filtersystemd [19856]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2017-02-21 20:41:57,926 fail2ban.jail [19856]: INFO Jail 'pam-generic' started 2017-02-21 20:41:57,943 fail2ban.jail [19856]: INFO Jail 'httpd-admin' started 2017-02-21 20:41:57,970 fail2ban.jail [19856]: INFO Jail 'apache-scan' started 2017-02-21 20:41:58,008 fail2ban.actions [19856]: NOTICE [sshd] Ban 119.193.140.151 2017-02-21 20:41:58,192 fail2ban.filter [19856]: INFO [recidive] Found 119.193.140.151 2017-02-21 20:42:01,117 fail2ban.action [19856]: ERROR shorewall drop 119.193.140.151 -- stdout: '' 2017-02-21 20:42:01,123 fail2ban.action [19856]: ERROR shorewall drop 119.193.140.151 -- stderr: ' ERROR: Shorewall is not started\n' 2017-02-21 20:42:01,125 fail2ban.action [19856]: ERROR shorewall drop 119.193.140.151 -- returned 2 2017-02-21 20:42:01,127 fail2ban.actions [19856]: ERROR Failed to execute ban jail 'sshd' action 'shorewall' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x1e388c0>, 'matches': '2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084

ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:15:56.709326 sshd[14937]: Invalid user mother from 119.193.140.151\n2017-02-16T22:15:56.711812 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.151\n2017-02-16T22:15:59.084422 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:01.177479 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:03.217918 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:05.192727 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:06.792917 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2\n2017-02-16T22:16:09.674410 sshd[14937]: Failed password for invalid user mother from 119.193.140.151 port 55084 ssh2', 'ip': '119.193.140.151', 'ipmatches': <function <lambda> at 0x1e387d0>, 'ipfailures': <function <lambda> at 0x1e38848>, 'time': 1487706118.008088, 'failures': 112, 'ipjailfailures': <function <lambda> at 0x1e38938>})': Error banning 119.193.140.151 2017-02-21 20:42:01,955 fail2ban.actions [19856]: NOTICE [sshd] Ban 211.33.170.39 2017-02-21 20:42:02,144 fail2ban.action [19856]: ERROR shorewall drop 211.33.170.39 -- stdout: '' 2017-02-21 20:42:02,150 fail2ban.action [19856]: ERROR shorewall drop 211.33.170.39 -- stderr: ' ERROR: Shorewall is not started\n' 2017-02-21 20:42:02,153 fail2ban.action [19856]: ERROR shorewall drop 211.33.170.39 -- returned 2 2017-02-21 20:42:02,153 fail2ban.actions [19856]: ERROR Failed to execute ban jail 'sshd' action 'shorewall' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x1e387d0>, 'matches': '2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:43.560531 sshd[14912]: Invalid user admin from 211.33.170.39\n2017-02-16T21:59:43.616485 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.33.170.39\n2017-02-16T21:59:45.076524 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:47.115215 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:50.095743 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:52.153410 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:54.818786 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2\n2017-02-16T21:59:56.937949 sshd[14912]: Failed password for invalid user admin from 211.33.170.39 port 35576 ssh2', 'ip': '211.33.170.39', 'ipmatches': <function <lambda> at 0x1e38848>, 'ipfailures': <function <lambda> at 0x1e388c0>, 'time': 1487706121.95584, 'failures': 112, 'ipjailfailures': <function <lambda> at 0x1e38c08>})': Error banning 211.33.170.39 2017-02-21 20:42:02,259 fail2ban.filter [19856]: INFO [recidive] Found 211.33.170.39 2017-02-21 20:47:06,134 fail2ban.filter [19856]: INFO [postfix] Found 64.20.227.134 2017-02-21 20:47:06,216 fail2ban.filter [19856]: INFO [postfix] Found 208.113.164.93

Sorry about posting the whole log file…! :frowning: however I don’t know for sure which parts are relevant…

well, before posting you’d ask for what could be relevant :wink:

1 Like

of course… :frowning:

Now, I have removed nethserver-fail2an and fail2ban in order to test whether that solves my problem… but unfortunately it didn’t… :frowning:
After creating a firewall rule that involves an IP range object, the follows error message is still shown…

root@assa.cpbanq.com

Task completed with errors

Configuring shorewall #support Compiling using Shorewall 5.0.14.1…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Compiling /etc/shorewall/hosts…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/rules…
WARNING: One or more unreachable rules in chain loc2fw have been discarded /etc/shorewall/rules (line 111)
WARNING: One or more unreachable rules in chain net2fw have been discarded /etc/shorewall/rules (line 165)
WARNING: One or more unreachable rules in chain loc2net have been discarded /etc/shorewall/rules (line 266)
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Compiling /usr/share/shorewall/action.Reject for chain Reject…
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast…
Compiling /usr/share/shorewall/action.Drop for chain Drop…
Generating Rule Matrix…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Reloading Shorewall…
Initializing…
Processing /etc/shorewall/init …
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Preparing iptables-restore input…
Running /sbin/iptables-restore …
iptables-restore: line 187 failed
ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
Processing /etc/shorewall/stop …
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 26665 Terminated $SHOREWALL_SHELL $script options @

The firewall does not crash directly after that. But, as soon as I want to restart it, it fails…! same output of service shorewall status as in my first post…

honestly, you should use a gist for this usage, it is really better
https://gist.github.com

your fail2ban says that it wants to unban an IP but it cannot because shorewall is down

  [sshd] Unban 119.193.140.151
2017-02-21 20:39:26,410 fail2ban.action         [979]: ERROR   shorewall allow 119.193.140.151 -- stdout: ''
2017-02-21 20:39:26,410 fail2ban.action         [979]: ERROR   shorewall allow 119.193.140.151 -- stderr: '   ERROR: Shorewall is not started\n'
2017-02-21 20:39:26,410 fail2ban.action         [979]: ERROR   shorewall allow 119.193.140.151 -- returned 2

failban just reads logs, playing with regex to ban IP

what is the version of fail2ban please

rpm -qa |grep fail2ban

Please, show us line 187 of /var/lib/shorewall/.iptables-restore-input

grep-2.20-2.el7.x86_64

After creating the new rule, lines 185-188 of that file are -A tcpflags -p tcp --syn --sport 0 -g logflags -A ~ log0 -j LOG --log-level 6 --log-prefix "Shorewall:net2fw:DROP:" -m comment --comment "RULE#9" -A ~ log0 -j DROP -m comment --comment "RULE#9" COMMITWithout the rule, there is no line 187…
However the new rule is RULE#10 and that is in the /var/lib/shorewall/.iptables-restore-input file in lines 151-158: -A net2fw -p 1 --icmp-type 8 -j ACCEPT -m comment --comment "Ping" -A net2fw -m iprange --src-range 118.218.219.0-118.218.219.255 -j DROP -m comment --comment "RULE#10" -A net2fw -s 217.250.39.87 -j ACCEPT -m comment --comment "RULE#3" -A net2fw -p 6 -m multiport --dports 80,443 -j ACCEPT -m comment --comment "RULE#5" -A net2fw -p 6 -m multiport --dports 25,465,587 -j ACCEPT -m comment --comment "RULE#6" -A net2fw -g ~ log0 -m comment --comment "RULE#9" -A net2loc -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -A net2loc -m iprange --src-range 118.218.219.0-118.218.219.255 -j DROP -m comment --comment "RULE#10"

I want it to be executed first… that is probably why it the order is somewhat misleading…

Next time, I will definitely put it on a gist…! :wink: thank you!

it doesn’t help me… :cry:

I can’t see errors in the .iptables-restore-input file.
Would you mind recreating the rule from scratch using a CIDR object instead of a range?
The net you’re blocking is a CIDR: 118.218.219.0/24

1 Like

thank you!!! that does indeed work!!!
But, do you have any idea why IP range doesn’t work??

EDIT: The range syntax would have been: 118.218.219.1-118.218.219.254

Right (stupid failure…)!!
However, I still get the very same error message as before…
Hence, this was not the reason… :frowning:

Summing up: ip ranges do not work.
But I can’t reproduce the problem. I created a drop rule using your ip range and a multiport destination. Here’s what I find:

-A net2fw -m iprange --src-range 118.218.219.1-118.218.219.254 -p 6 -m multiport --dports 80,443 -j DROP -m comment --comment "RULE#1

No shorewall errors.

And without ports, like yours:

-A net2loc -m iprange --src-range 118.218.219.1-118.218.219.254 -j DROP -m comment --comment "RULE#1"

Maybe you have some rules that combined with this lead to the problem. Could you share privately your full configuration?
tar -zcvf db.tgz /var/lib/nethserver/db/

1 Like

Hi, i have similar problem. It is related with COMMIT line in restore file. I’ve turn off all my “custom” rules but shorewall doesn’t start at boot, but if i restart shorewall it starts. Any help appreciated.

@dj_marian: perhaps your problem is more similar to this one Fail2ban shorewall with nethserver rc4

Ok, in this minute i’ve removed also all host objects and shorewall is starting at boot, but why this things doesn’t work?.
Edit:
Thanks phonon indeed my firewalld was inactive(dead) but enabled so i turned it off. But the problem still apears if i have just one host in objects (shorewall doesn’t start at boot).

Edit:
It seems that when I fixed problem with libvirtd (not starting) now I can have firewall objects and shorewall starts at boot.

Thanks to @filippo_carletti I found my failure… I hadn’t rebooted my system after the last kernel update… now everything works! :wink:

1 Like