[BlueOnyx:14742] Re: fail2ban and iptables
Tom
wcstaff at webcoast.com
Sun Feb 23 23:36:32 -05 2014
Tom <wcstaff at ...> writes:
>
> Is there a way to stop fail2ban from rewriting a default iptables and
> just append the file?
> I configured several rules in iptables. And every time fail2ban writes its
> drops to iptables, it resets it back to the default. I have performed
> iptables save, restore, manually copied and saved. It does no good.
> If I stop fail2ban, the problem goes away and my mods in iptables are saved.
>
>
I located what is causing the problem, but don't know how to fix it. I
started getting the following cron email error right after the large YUM
Update.
------------------------------------------------------------------
/etc/cron.hourly/log_traffic:
iptables v1.4.7: host/network `0.0.0.0/0' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.7: host/network `0.0.0.0/0' not found
Try `iptables -h' or 'iptables --help' for more information.
------------------------------------------------------------------
So in /etc/cron.hourly: (I temp REM'd out)
------------------------------------------------
### if [ -d "/etc/apf" ];then
exit
## fi
## if [ -x $IPTABLES ]; then
# export TABLES=1
# FWCONFIGFILE="/etc/sysconfig/iptables" # much like the ipchains rules configuration
## fi
## Update the accounting rules and the ipchains/tables config file
## if [ $TABLES ]; then
## echo "# $FWCONFIGFILE
## This file is automatically generated by log_traffic.
## Any manual changes will be lost
## *filter
## :INPUT ACCEPT [0:0]
## :FORWARD ACCEPT [0:0]
## :OUTPUT ACCEPT [0:0]
## :acctin - [0:0]
## :acctout - [0:0]
## -A INPUT -j acctin
## -A OUTPUT -j acctout" > $FWCONFIGFILE
## else
## echo "# $FWCONFIGFILE
## This file is automatically generated by log_traffic.
## Any manual changes will be lost
---------------------------------------------------------------