Fail2Ban can't insert iptables rule
You'll notice the configuration of the chain from which you are trying to delete rules:
```
Chain fail2ban-apache-noscript (1 references)
 pkts bytes target     prot opt in     out     source               destination
   93  7257 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
```
There are no rules in that chain to delete at all except the return everything unmatched rule. So, the blocking fail2ban is trying to remove is already gone.
Most likely, you can ignore this, as the command's goal has already been achieved. Since you have no active bans you may want to run `/etc/init.d/fail2ban force-reload` just to clean up its state.
Author: Admin
Updated on September 18, 2022

Comments

Admin, almost 2 years:
It seems my fail2ban can't ban a host:
```
2013-06-22 18:18:24,546 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-apache-noscript returned 100
2013-06-22 18:18:24,546 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2013-06-22 18:18:24,869 fail2ban.actions.action: ERROR iptables -D fail2ban-apache-noscript -s 185.13.228.98 -j DROP returned 100
```
When I manually use the command, iptables complains:
```
# iptables -D fail2ban-apache-noscript -s 185.13.228.98 -j DROP
iptables: Bad rule (does a matching rule exist in that chain?).
```
Although it seems the chain does exist:
```
# iptables -L -v -n
Chain INPUT (policy ACCEPT 412 packets, 36051 bytes)
 pkts bytes target                     prot opt in  out  source      destination
   93  7257 fail2ban-apache            tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 80,443
    0     0 fail2ban-sasl              tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 25,465
    0     0 fail2ban-postfix           tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 25,465
  311 27844 fail2ban-ssh               tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 130
   93  7257 fail2ban-apache-overflows  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 80,443
   93  7257 fail2ban-apache-multiport  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 80,443
  311 27844 fail2ban-ssh-ddos          tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 130
  406 35205 fail2ban-pam-generic       tcp  --  *   *    0.0.0.0/0   0.0.0.0/0
   93  7257 fail2ban-apache-noscript   tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   multiport dports 80,443

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in  out  source      destination

Chain OUTPUT (policy ACCEPT 296 packets, 105K bytes)
 pkts bytes target  prot opt in  out  source      destination

Chain fail2ban-apache (1 references)
 pkts bytes target  prot opt in  out  source      destination
   93  7257 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-apache-multiport (1 references)
 pkts bytes target  prot opt in  out  source      destination
   93  7257 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-apache-noscript (1 references)
 pkts bytes target  prot opt in  out  source      destination
   93  7257 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-apache-overflows (1 references)
 pkts bytes target  prot opt in  out  source      destination
   93  7257 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-pam-generic (1 references)
 pkts bytes target  prot opt in  out  source      destination
  406 35205 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-postfix (1 references)
 pkts bytes target  prot opt in  out  source      destination
    0     0 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-sasl (1 references)
 pkts bytes target  prot opt in  out  source      destination
    0     0 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-ssh (1 references)
 pkts bytes target  prot opt in  out  source      destination
  311 27844 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain fail2ban-ssh-ddos (1 references)
 pkts bytes target  prot opt in  out  source      destination
  311 27844 RETURN  all  --  *   *    0.0.0.0/0   0.0.0.0/0
```
What is the problem?!
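
The check the answer performs by eye (does the named chain still hold the rule that the failed `iptables -D` tried to remove?), written out as an added example that is not part of the original question or answer. The function names and the three result labels are assumptions of this sketch; the first listing is an excerpt of the output quoted above, the second is constructed.

```python
import re

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
DELETE_RE = re.compile(r"iptables -D (\S+) -s (\S+) -j (\S+) returned \d+")

# Excerpt of the `iptables -L -v -n` output quoted in the question.
PAGE_LISTING = """\
Chain INPUT (policy ACCEPT 412 packets, 36051 bytes)
 pkts bytes target prot opt in out source destination
   93  7257 fail2ban-apache-noscript tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443

Chain fail2ban-apache-noscript (1 references)
 pkts bytes target prot opt in out source destination
   93  7257 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
"""
# Constructed listing: the same chain with the ban rule still in place.
BANNED_LISTING = PAGE_LISTING.replace(
    "   93  7257 RETURN",
    "    0     0 DROP all -- * * 185.13.228.98 0.0.0.0/0\n   93  7257 RETURN")
# The failed delete as logged by fail2ban in the question.
PAGE_LOG = ("2013-06-22 18:18:24,869 fail2ban.actions.action: ERROR iptables -D "
            "fail2ban-apache-noscript -s 185.13.228.98 -j DROP returned 100")

def parse_chains(listing):
    """Map chain name -> [(target, source), ...] from `iptables -L -v -n` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = CHAIN_RE.match(line.strip())
        if header:
            current = header.group(1)
            chains[current] = []
            continue
        fields = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination [...]
        if current and len(fields) >= 9 and fields[0] != "pkts":
            chains[current].append((fields[2], fields[7]))
    return chains

def classify_failed_delete(log_line, chains):
    """Explain a failed delete: chain-missing, rule-present or already-gone."""
    m = DELETE_RE.search(log_line)
    if not m:
        return None
    chain, source, target = m.groups()
    if chain not in chains:
        return "chain-missing"   # the chain itself is gone: jail needs a reload
    if (target, source) in chains[chain]:
        return "rule-present"    # ban still active: the failure is a real error
    return "already-gone"        # nothing left to remove, as in the answer

if __name__ == "__main__":
    print(classify_failed_delete(PAGE_LOG, parse_chains(PAGE_LISTING)))
```

Only the `rule-present` result points at a ban that fail2ban failed to lift; `already-gone` is the state the answer describes.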