Fail2ban iptables error on ISPConfig on Ubuntu 11

After installing ISPConfig 3.0.4 on a test machine, along with fail2ban, i saw saw an error in fail2ban log. It seems there was a “race” condition with iptables.
My test setup was : ISPConfig 3.0.4 running on Ubuntu 11.04 x64 Server, Fail2ban version 0.8.4
Hardware : IBM x3550, 2 GB RAM, 146 GB SAS 15k

The error was like this : ERROR iptables -N fail2ban-courierpop3s returned 200

In IPSConfig panel, in Monitor -> Logfiles -> Show Fail2ban log you can see this error :

2011-11-17 14:07:22,318 fail2ban.actions.action: ERROR iptables -N fail2ban-courierpop3s
iptables -A fail2ban-courierpop3s -j RETURN
iptables -I INPUT -p tcp -m multiport --dports pop3s -j fail2ban-courierpop3s returned 200

You must edit /usr/bin/fail2ban-client python application.

Add the line:
time.sleep(0.1)

In the function :

def __processCmd(self, cmd, showRet = True):
          beautifier = Beautifier()
          for c in cmd:
               beautifier.setInputCmd(c)

so it looks like this :

def __processCmd(self, cmd, showRet = True):
          beautifier = Beautifier()
          for c in cmd:
               time.sleep(0.1)
               beautifier.setInputCmd(c)

Original post was here, but the fail2ban-client python application is a bit different.

Edit : you can also find the same problem and resolution on the fail2ban wiki.

2 comments

1 ping

    • Seven on March 14, 2013 at 11:57 pm
    • Reply

    Thanks! Saved my day today!

  1. Great! This solved my terrible headache ­čÖé

  1. […] Otro error t├şpico que podemos encontrar es la aparici├│n de errores con iptables al reiniciar el servicio de fail2ban. Para solucionar esto tenemos que editar el fichero /usr/bin/fail2ban-client y a├▒adir la l├şnea┬átime.sleep(0.1) como se indica a continuaci├│n (http://www.evilbox.ro/linux/fail2ban-iptables-error-on-ispconfig-on-ubuntu-11/): […]

Leave a Reply

Your email address will not be published.

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.