1 Topic by YurkshireLad

  • YurkshireLad
  • Guest

Topic: RuntimeError: Error flushing action Jail('sshd')/iptables-multiport

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version 1.2.1
- Deployed with the downloadable installer
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I noticed this error in the logs

2020-05-31 19:37:28,383 fail2ban.actions        [5058]: NOTICE  [sshd] Ban 222.186.180.142
2020-05-31 19:37:29,535 fail2ban.filter         [5058]: INFO    [sshd] Found 222.186.180.142 - 2020-05-31 19:37:29
2020-05-31 19:40:13,057 fail2ban.server         [5058]: INFO    Shutdown in progress...
2020-05-31 19:40:13,057 fail2ban.server         [5058]: INFO    Stopping all jails
2020-05-31 19:40:13,058 fail2ban.filter         [5058]: INFO    Removed logfile: '/var/log/auth.log'
2020-05-31 19:40:13,259 fail2ban.actions        [5058]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
2020-05-31 19:40:13,267 fail2ban.utils          [5058]: Level 39 7fa56955c420 -- exec: iptables -w -F f2b-sshd
2020-05-31 19:40:13,267 fail2ban.utils          [5058]: ERROR   7fa56955c420 -- stderr: 'iptables: No chain/target/match by that name.'
2020-05-31 19:40:13,267 fail2ban.utils          [5058]: ERROR   7fa56955c420 -- returned 1
2020-05-31 19:40:13,268 fail2ban                [5058]: CRITICAL Unhandled exception in Fail2Ban:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/fail2ban/server/jailthread.py", line 69, in run_with_except_hook
    run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 287, in run
    self.__flushBan()
  File "/usr/lib/python3/dist-packages/fail2ban/server/actions.py", line 464, in __flushBan
    action.flush()
  File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 475, in flush
    return self._executeOperation('<actionflush>', 'flushing', family=family)
  File "/usr/lib/python3/dist-packages/fail2ban/server/action.py", line 381, in _executeOperation
    raise RuntimeError("Error %s action %s/%s" % (operation, self._jail, self._name,))
RuntimeError: Error flushing action Jail('sshd')/iptables-multiport
2020-05-31 19:40:13,271 fail2ban.jail           [5058]: INFO    Jail 'sshd' stopped

The service appears to be running:

status fail2ban
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-05-31 20:19:05 CEST; 5min ago

I opened port 389 to allow my other sites to connect to the LDAP server. I think I added the rules before the error occurred:

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ldap ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ldap ctstate ESTABLISHED

Is this an issue or is fail2ban still working as expected? Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: RuntimeError: Error flushing action Jail('sshd')/iptables-multiport

YurkshireLad wrote:

2020-05-31 19:40:13,267 fail2ban.utils          [5058]: ERROR   7fa56955c420 -- stderr: 'iptables: No chain/target/match by that name.'

This is the cause. Did you change any setting in file /etc/fail2ban/jail.d/sshd.local? What's the full content?

YurkshireLad wrote:

I opened port 389 to allow my other sites to connect to the LDAP server. I think I added the rules before the error occurred:

You'd better just open 389 to your other sides, and still block access from other IP addresses.

3 Reply by YurkshireLad

  • YurkshireLad
  • Guest

Re: RuntimeError: Error flushing action Jail('sshd')/iptables-multiport

I didn't change the fail2ban settings. I'll have to post the contents later. Thanks.

4 Reply by YurkshireLad

  • YurkshireLad
  • Guest

Re: RuntimeError: Error flushing action Jail('sshd')/iptables-multiport

More fail2ban errors on Ubuntu 18.04, and this time I didn't change anything (and no new iptables rules):

2020-06-01 20:28:55,220 fail2ban.utils          [5931]: Level 39 7ff8df158168 -- exec: iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]'
2020-06-01 20:28:55,221 fail2ban.utils          [5931]: ERROR   7ff8df158168 -- returned 1
2020-06-01 20:28:55,221 fail2ban.CommandAction  [5931]: ERROR   Invariant check failed. Trying to restore a sane environment
2020-06-01 20:28:55,299 fail2ban.utils          [5931]: Level 39 7ff8e0f09d50 -- exec: iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
iptables -w -F f2b-sshd
iptables -w -X f2b-sshd
2020-06-01 20:28:55,299 fail2ban.utils          [5931]: ERROR   7ff8e0f09d50 -- stderr: "iptables v1.6.1: Couldn't load target `f2b-sshd':No such file or directory"
2020-06-01 20:28:55,299 fail2ban.utils          [5931]: ERROR   7ff8e0f09d50 -- stderr: ''
2020-06-01 20:28:55,300 fail2ban.utils          [5931]: ERROR   7ff8e0f09d50 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2020-06-01 20:28:55,300 fail2ban.utils          [5931]: ERROR   7ff8e0f09d50 -- stderr: 'iptables: No chain/target/match by that name.'
2020-06-01 20:28:55,300 fail2ban.utils          [5931]: ERROR   7ff8e0f09d50 -- stderr: 'iptables: No chain/target/match by that name.'
2020-06-01 20:28:55,300 fail2ban.utils          [5931]: ERROR   7ff8e0f09d50 -- returned 1
2020-06-01 20:28:55,364 fail2ban.utils          [5931]: Level 39 7ff8df158168 -- exec: iptables -w -n -L INPUT | grep -q 'f2b-sshd[ \t]'
2020-06-01 20:28:55,365 fail2ban.utils          [5931]: ERROR   7ff8df158168 -- returned 1
2020-06-01 20:28:55,365 fail2ban.CommandAction  [5931]: CRITICAL Unable to restore environment
2020-06-01 20:28:55,365 fail2ban.actions        [5931]: ERROR   Failed to execute unban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': '222.186.42.136', 'family': 'inet4', 'ip-rev': '136.42.186.222.', 'ip-host': None, 'fid': '222.186.42.136', 'failures': 5, 'time': 1591035534.0, 'matches': 'Jun  1 20:18:40 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2\nJun  1 20:18:42 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2\nJun  1 20:18:44 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2', 'restored': 0, 'F-*': {'matches': ['Jun  1 20:18:40 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2', 'Jun  1 20:18:42 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2', 'Jun  1 20:18:44 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2'], 'failures': 5, 'mlfid': ' v2202005122029119509 sshd[14444]: ', 'user': '', 'ip4': '222.186.42.136'}, 'ipmatches': 'Jun  1 20:18:40 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2\nJun  1 20:18:42 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2\nJun  1 20:18:44 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2', 'ipjailmatches': 'Jun  1 20:18:40 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2\nJun  1 20:18:42 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2\nJun  1 20:18:44 v2202005122029119509 sshd[14444]: Failed password for root from 222.186.42.136 port 24675 ssh2', 'ipfailures': 5, 'ipjailfailures': 5})': Error unbanning 222.186.42.136

Sorry Zhang, I'm overloading you with forum posts today!

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: RuntimeError: Error flushing action Jail('sshd')/iptables-multiport

Restart iptables and ip6tables, fail2ban services, then try again.