After installing ISPConfig 3.0.4 on a test machine, along with fail2ban, i saw saw an error in fail2ban log. It seems there was a “race” condition with iptables.
My test setup was : ISPConfig 3.0.4 running on Ubuntu 11.04 x64 Server, Fail2ban version 0.8.4
Hardware : IBM x3550, 2 GB RAM, 146 GB SAS 15k
The error was like this : ERROR iptables -N fail2ban-courierpop3s returned 200
In IPSConfig panel, in Monitor -> Logfiles -> Show Fail2ban log you can see this error :
2011-11-17 14:07:22,318 fail2ban.actions.action: ERROR iptables -N fail2ban-courierpop3s iptables -A fail2ban-courierpop3s -j RETURN iptables -I INPUT -p tcp -m multiport --dports pop3s -j fail2ban-courierpop3s returned 200
You must edit /usr/bin/fail2ban-client python application.
Add the line:
time.sleep(0.1)
In the function :
def __processCmd(self, cmd, showRet = True): beautifier = Beautifier() for c in cmd: beautifier.setInputCmd(c)
so it looks like this :
def __processCmd(self, cmd, showRet = True): beautifier = Beautifier() for c in cmd: time.sleep(0.1) beautifier.setInputCmd(c)
Original post was here, but the fail2ban-client python application is a bit different.
Edit : you can also find the same problem and resolution on the fail2ban wiki.
2 comments
1 ping
Thanks! Saved my day today!
Great! This solved my terrible headache 🙂
[…] Otro error típico que podemos encontrar es la aparición de errores con iptables al reiniciar el servicio de fail2ban. Para solucionar esto tenemos que editar el fichero /usr/bin/fail2ban-client y añadir la línea time.sleep(0.1) como se indica a continuación (http://www.evilbox.ro/linux/fail2ban-iptables-error-on-ispconfig-on-ubuntu-11/): […]