Iptables

fail2ban error with firewalld (f2b-<jail name>: No such file or directory)

  • January 13, 2020

I have been using fail2ban for several months without any problems, but after a CentOS upgrade it stopped working. It seems it is not creating the iptables entries. I have tried restarting fail2ban, rebooting the VPS, and all the basic things. The relevant error is:

/var/log/fail2ban.log

2020-01-12 12:15:52,994 fail2ban.actions        [496]: NOTICE  [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils          [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions        [496]: ERROR   Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports

/var/log/firewalld

2020-01-12 12:15:53 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed

2020-01-12 12:15:53 ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed

2020-01-12 12:15:54 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory

Output of iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Contents of /etc/systemd/system/multi-user.target.wants/fail2ban.service:

[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service
PartOf=iptables.service firewalld.service

[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target

The complete /var/log/fail2ban.log up to the point where the error occurs:

2020-01-12 12:15:51,018 fail2ban.server         [496]: INFO    Starting Fail2ban v0.10.4
2020-01-12 12:15:51,037 fail2ban.database       [496]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-01-12 12:15:51,183 fail2ban.jail           [496]: INFO    Creating new jail 'sshd'
2020-01-12 12:15:51,834 fail2ban.jail           [496]: INFO    Jail 'sshd' uses systemd {}
2020-01-12 12:15:51,836 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,837 fail2ban.filter         [496]: INFO      maxLines: 1
2020-01-12 12:15:51,878 fail2ban.filtersystemd  [496]: INFO    [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2020-01-12 12:15:51,879 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,879 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,880 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,880 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,882 fail2ban.jail           [496]: INFO    Creating new jail 'webmin-auth'
2020-01-12 12:15:51,882 fail2ban.jail           [496]: INFO    Jail 'webmin-auth' uses systemd {}
2020-01-12 12:15:51,883 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,889 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,890 fail2ban.actions        [496]: INFO      banTime: 600
2020-01-12 12:15:51,891 fail2ban.jail           [496]: INFO    Creating new jail 'proftpd'
2020-01-12 12:15:51,891 fail2ban.jail           [496]: INFO    Jail 'proftpd' uses systemd {}
2020-01-12 12:15:51,893 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,898 fail2ban.filtersystemd  [496]: INFO    [proftpd] Added journal match for: '_SYSTEMD_UNIT=proftpd.service'
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,899 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,900 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,901 fail2ban.jail           [496]: INFO    Creating new jail 'postfix'
2020-01-12 12:15:51,901 fail2ban.jail           [496]: INFO    Jail 'postfix' uses systemd {}
2020-01-12 12:15:51,902 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,913 fail2ban.filtersystemd  [496]: INFO    [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service'
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,914 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,915 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,916 fail2ban.jail           [496]: INFO    Creating new jail 'dovecot'
2020-01-12 12:15:51,916 fail2ban.jail           [496]: INFO    Jail 'dovecot' uses systemd {}
2020-01-12 12:15:51,917 fail2ban.jail           [496]: INFO    Initiated 'systemd' backend
2020-01-12 12:15:51,926 fail2ban.filtersystemd  [496]: INFO    [dovecot] Added journal match for: '_SYSTEMD_UNIT=dovecot.service'
2020-01-12 12:15:51,926 fail2ban.datedetector   [496]: INFO      date pattern `''`: `{^LN-BEG}TAI64N`
2020-01-12 12:15:51,927 fail2ban.filter         [496]: INFO      maxRetry: 5
2020-01-12 12:15:51,927 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:51,928 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:51,928 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:51,929 fail2ban.jail           [496]: INFO    Creating new jail 'postfix-reject-dynamo'
2020-01-12 12:15:52,032 fail2ban.jail           [496]: INFO    Jail 'postfix-reject-dynamo' uses poller {}
2020-01-12 12:15:52,033 fail2ban.jail           [496]: INFO    Initiated 'polling' backend
2020-01-12 12:15:52,118 fail2ban.filter         [496]: INFO    Added logfile: '/var/log/maillog' (pos = 17320260, hash = 48479d10b4c7d022471955ff13511a8c)
2020-01-12 12:15:52,119 fail2ban.filter         [496]: INFO      maxRetry: 3
2020-01-12 12:15:52,119 fail2ban.filter         [496]: INFO      encoding: ANSI_X3.4-1968
2020-01-12 12:15:52,120 fail2ban.filter         [496]: INFO      findtime: 600
2020-01-12 12:15:52,120 fail2ban.actions        [496]: INFO      banTime: 3600
2020-01-12 12:15:52,222 fail2ban.jail           [496]: INFO    Jail 'sshd' started
2020-01-12 12:15:52,260 fail2ban.filtersystemd  [496]: NOTICE  Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2020-01-12 12:15:52,269 fail2ban.jail           [496]: INFO    Jail 'webmin-auth' started
2020-01-12 12:15:52,401 fail2ban.jail           [496]: INFO    Jail 'proftpd' started
2020-01-12 12:15:52,659 fail2ban.jail           [496]: INFO    Jail 'postfix' started
2020-01-12 12:15:52,787 fail2ban.jail           [496]: INFO    Jail 'dovecot' started
2020-01-12 12:15:52,800 fail2ban.jail           [496]: INFO    Jail 'postfix-reject-dynamo' started
2020-01-12 12:15:52,994 fail2ban.actions        [496]: NOTICE  [postfix-reject-dynamo] Restore Ban 12.160.87.219
2020-01-12 12:15:54,684 fail2ban.utils          [496]: #39-Lev. 7f4db54f9c90 -- exec: firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: 'filter'"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed"
2020-01-12 12:15:54,685 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory"
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: 'Error occurred at line: 2'
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: "Try `iptables-restore -h' or 'iptables-restore --help' for more information."
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- stderr: ''
2020-01-12 12:15:54,686 fail2ban.utils          [496]: ERROR   7f4db54f9c90 -- returned 13
2020-01-12 12:15:54,686 fail2ban.actions        [496]: ERROR   Failed to execute ban jail 'postfix-reject-dynamo' action 'firewallcmd-allports' info 'ActionInfo({'ip': '12.160.87.219', 'fid': <function <lambda> at 0x7f4db41bf578>, 'family': 'inet4', 'raw-ticket': <function <lambda> at 0x7f4db41bfa28>})': Error starting action Jail('postfix-reject-dynamo')/firewallcmd-allports

CentOS Linux release 7.7.1908 (Core)

I don't know what is going on here..

I appreciate your help.

fail2ban error with firewalld…

So this is not a fail2ban error.

Basically, fail2ban tries to execute the following commands (you can try them yourself as root in a shell):

firewall-cmd --direct --add-chain ipv4 filter f2b-postfix-reject-dynamo
firewall-cmd --direct --add-rule ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo

For some reason firewall-cmd, or rather iptables-restore, which seems to be used internally by firewall-cmd, fails with:

Couldn't load target `f2b-postfix-reject-dynamo':No such file or directory

Normally this message makes no sense, because firewall-cmd is creating this chain; the error looks as if some rule targeting f2b-postfix-reject-dynamo gets created while, for some reason, the chain still does not exist. You should check whether you have some persistent rules targeting this (non-existent) chain and fix (or remove) them.

For example, if you try to run this without the first command, you will see the same error:

# ## iptables -w -N f2b-test-chain; # this creates a chain
# iptables -w -I INPUT 1 -j f2b-test-chain; # insert rule to INPUT chain targeting f2b-test-chain
...
iptables v1.6.0: Couldn't load target `f2b-test-chain':No such file or directory

This is obviously an error (the first command, which creates the chain, is commented out).

So some internal flow of firewalld that tries to restore using iptables-restore seems to be wrong (contains invalid references).

By the way, why don't you use iptables directly instead of firewalld?
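As an added example (not code from the original question or answer), the following shell script performs the check the answer recommends: it compares the chains declared in firewalld's permanent direct configuration with the rules that insert into or jump to them, and lists every rule that references a chain nobody declares. The input format it parses is the one-entry-per-line output of `firewall-cmd --permanent --direct --get-all-chains` and `--get-all-rules`; the sample data is constructed for the example and is not taken from the post.

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Finds firewalld "direct" rules that reference a chain nobody declares,
# i.e. the "Couldn't load target `f2b-...'" situation described above.
#
# On a real host, feed it the persistent direct configuration:
#   firewall-cmd --permanent --direct --get-all-chains > chains.txt
#   firewall-cmd --permanent --direct --get-all-rules  > rules.txt
#   dangling_direct_rules chains.txt rules.txt
# Both commands print one entry per line as "<ipv> <table> <chain> [priority args...]".

# Constructed sample data (not from the post): the chain for jail 'sshd'
# is declared, the one for 'postfix-reject-dynamo' is not, yet rules still
# insert into it and jump to it.
SAMPLE_CHAINS='ipv4 filter f2b-sshd'
SAMPLE_RULES='ipv4 filter f2b-sshd 1000 -j RETURN
ipv4 filter INPUT_direct 0 -j f2b-sshd
ipv4 filter INPUT_direct 0 -j f2b-postfix-reject-dynamo
ipv4 filter f2b-postfix-reject-dynamo 1000 -j RETURN
ipv4 filter INPUT_direct 1 -p tcp --dport 22 -j ACCEPT'

# dangling_direct_rules CHAINS_FILE RULES_FILE
# Prints one line per problem: a rule inserted into an undeclared chain, or a
# rule whose -j/-g target is an undeclared chain. Built-in chains and targets
# (INPUT_direct, ACCEPT, RETURN, ...) never need a declaration.
dangling_direct_rules() {
    awk '
        BEGIN {
            n = split("INPUT_direct OUTPUT_direct FORWARD_direct INPUT OUTPUT FORWARD ACCEPT DROP REJECT RETURN LOG MARK", b, " ")
            for (i = 1; i <= n; i++) builtin[b[i]] = 1
        }
        # first file: declared chains, keyed "ipv table chain"
        FILENAME == ARGV[1] { declared[$1 " " $2 " " $3] = 1; next }
        # second file: rules
        NF >= 4 {
            key = $1 " " $2
            # the chain the rule is inserted into
            if (!($3 in builtin) && !((key " " $3) in declared)) {
                print "undeclared chain " $3 ": " $0
                next
            }
            # the jump/goto target, if any
            for (i = 5; i < NF; i++) {
                if ($i == "-j" || $i == "-g") {
                    t = $(i + 1)
                    if (!(t in builtin) && !((key " " t) in declared))
                        print "undeclared target " t ": " $0
                }
            }
        }
    ' "$1" "$2"
}

# Run the check on the constructed sample; prints the two offending rules.
demo() {
    chains=$(mktemp) && rules=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_CHAINS" > "$chains"
    printf '%s\n' "$SAMPLE_RULES" > "$rules"
    dangling_direct_rules "$chains" "$rules"
    rm -f "$chains" "$rules"
}

demo
```

On the affected host the same persistent direct rules live in /etc/firewalld/direct.xml, which is what firewalld feeds to iptables-restore at reload; once a dangling rule is identified, remove it with `firewall-cmd --permanent --direct --remove-rule` (same arguments as the listed rule) and reload, so that fail2ban's actionstart can recreate the chain and its rules in the correct order on the next ban.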

Source: https://serverfault.com/questions/998630