[BlueOnyx:25998] ip route add unreachable, fail2ban problem?
Darren Wolfe
darren at intersys-group.com
Fri Feb 24 08:50:39 -05 2023
On a 5210r box, I get the logwatch email and I am seeing a lot of errors relating to adding ip route commands:
7f84f87ca450 -- exec: ip route add unreachable 43.240.103.138: 2 Time(s)
7f84f87ca450 -- stderr: 'RTNETLINK answers: File exists': 2 Time(s)
7f8534ce0c38 -- exec: ip route del unreachable 43.240.103.138: 2 Time(s)
7f8534ce0c38 -- stderr: 'RTNETLINK answers: No such process': 2 Time(s)
There are a lot of these, with different IPs
Further down I see what appears to be matching entries from fail2ban:
Failed to execute ban jail 'pam-generic' action 'route' info 'ActionInfo({'ip': '43.240.103.138', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f8530f0b048>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f8530f0b6a8>})': Error banning 43.240.103.138: 1 Time(s)
What is odd here is that I have fail2ban on two other (5209r) servers and they appear to add the block rules with iptables with many "f2b-*" chains, but 5210r doesn't do it that way? There are no f2b-* chains there
Thanks
Darren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20230224/d9fd52d8/attachment.html>
More information about the Blueonyx
mailing list