NethServer Version: 7.3.1611
Module: Fail2Ban recidive
The recent Update of the Fail2Ban seems to work pretty well for the postfix-ddos, http-access, & dovecot jails on unauthorized access or login.
However, when checking the fail2ban log, I find the recidive function is not quite working, it finds the repeating offending IP’s but not BANNING them.
Here’s what I see from the Status:
Checking with ‘fail2ban-client status recidive’
Status for the jail: recidive
|- Filter
| |- Currently failed: 29
| |- Total failed: 29
| - File list: /var/log/fail2ban.log /var/log/fail2ban.log-20170515 /var/log/fail2ban.log-20170501 /var/log/fail2ban.log-20170507
- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
This is the current setting in the jail.local config file
[recidive]
enabled = true
logpath = /var/log/fail2ban.log*
banaction = shorewall
bantime = 604800
findtime = 169200
maxretry = 6
Here’s the portion from the fail2ban log.
2017-05-15 04:58:57,826 fail2ban.filter [3680]: INFO [recidive] Found 146.185.177.103
2017-05-15 04:58:57,846 fail2ban.filter [3680]: INFO [recidive] Found 12.0.230.144
2017-05-15 04:58:57,884 fail2ban.filter [3680]: INFO [recidive] Found 178.74.243.246
2017-05-15 04:58:57,913 fail2ban.filter [3680]: INFO [recidive] Found 27.25.247.103
2017-05-15 04:58:57,921 fail2ban.filter [3680]: INFO [recidive] Found 172.104.150.144
2017-05-15 04:58:57,926 fail2ban.filter [3680]: INFO [recidive] Found 49.84.152.9
2017-05-15 04:58:57,935 fail2ban.filter [3680]: INFO [recidive] Found 49.84.151.70
2017-05-15 04:58:57,941 fail2ban.filter [3680]: INFO [recidive] Found 58.208.16.209
2017-05-15 04:58:57,949 fail2ban.filter [3680]: INFO [recidive] Found 114.239.3.184
2017-05-15 04:58:57,960 fail2ban.filter [3680]: INFO [recidive] Found 117.82.17.148
2017-05-15 04:58:57,978 fail2ban.filter [3680]: INFO [recidive] Found 180.125.176.33
2017-05-15 04:58:57,996 fail2ban.filter [3680]: INFO [recidive] Found 111.181.66.176
2017-05-15 04:58:58,008 fail2ban.filter [3680]: INFO [recidive] Found 114.229.6.176
2017-05-15 04:58:58,067 fail2ban.filter [3680]: INFO [recidive] Found 184.95.53.138
2017-05-15 04:58:58,086 fail2ban.filter [3680]: INFO [recidive] Found 171.80.153.111
2017-05-15 04:58:58,098 fail2ban.filter [3680]: INFO [recidive] Found 119.102.130.163
2017-05-15 04:58:58,106 fail2ban.filter [3680]: INFO [recidive] Found 221.153.239.3
2017-05-15 04:58:58,116 fail2ban.filter [3680]: INFO [recidive] Found 49.84.151.180
2017-05-15 04:58:58,128 fail2ban.filter [3680]: INFO [recidive] Found 111.181.83.107
2017-05-15 04:58:58,147 fail2ban.filter [3680]: INFO [recidive] Found 171.80.155.48
2017-05-15 04:58:58,150 fail2ban.filter [3680]: INFO [recidive] Found 171.41.80.172
2017-05-15 04:58:58,157 fail2ban.filter [3680]: INFO [recidive] Found 113.123.127.222
2017-05-15 04:58:58,161 fail2ban.filter [3680]: INFO [recidive] Found 171.43.19.162
2017-05-15 04:58:58,173 fail2ban.filter [3680]: INFO [recidive] Found 138.197.104.10
2017-05-15 04:58:58,180 fail2ban.filter [3680]: INFO [recidive] Found 27.25.224.135
2017-05-15 04:58:58,187 fail2ban.filter [3680]: INFO [recidive] Found 113.121.23.12
2017-05-15 04:58:58,201 fail2ban.filter [3680]: INFO [recidive] Found 123.169.34.100
2017-05-15 04:58:58,210 fail2ban.filter [3680]: INFO [recidive] Found 115.203.86.68
2017-05-15 04:58:58,229 fail2ban.filter [3680]: INFO [recidive] Found 23.227.199.108
Seems to me that Shorewall is not BANNING the IP’s
Any idea what to check for ?.. Would be nice to get this fix too .