[BlueOnyx:25999] Re: ip route add unreachable, fail2ban problem?
Michael Stauber
mstauber at blueonyx.it
Fri Feb 24 12:56:25 -05 2023
Hi Darren,

> On a 5210r box, I get the logwatch email and I am seeing a lot of errors
> relating to adding ip route commands:
>
> What is odd here is that I have fail2ban on two other (5209r) servers
> and they appear to add the block rules with iptables with many “f2b-*”
> chains, but 5210r doesn’t do it that way? There are no f2b-* chains there

BlueOnyx 5210R CTs on OpenVZ 7 (Aventurin{e} 6109R) have the issue that
firewalling inside the CT is not fully working due to architectural
reasons. Firewall rules are manageable and will show as being present,
but they simply won't work.

For that reason Fail2ban uses null-routes to block offending IPs. In
your case Fail2ban attempted to create a null-route for an IP that was
already blocked - possibly by APF.

So this can be ignored.

--
With best regards
Michael Stauber
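
One way to check whether an address already has a null-route before adding another, as an added example that is not part of the original message and is not Fail2ban or BlueOnyx code. The function names and sample addresses are made up, and it assumes the route listing printed by iproute2's `ip route show type unreachable`.

```shell
#!/bin/sh
# Added example (not BlueOnyx or Fail2ban code). Function names are hypothetical.

# is_null_routed IP
# Reads `ip route show type unreachable` output on stdin and succeeds only if
# IP has an exact unreachable (null) route, written bare or as IP/32.
# Exact field comparison keeps 203.0.113.5 from matching 203.0.113.50.
is_null_routed() {
    awk -v ip="$1" '
        $1 == "unreachable" && ($2 == ip || $2 == (ip "/32")) { found = 1 }
        END { exit !found }
    '
}

# add_null_route IP
# Adds the null-route only when it is missing, so blocking an address that
# is already null-routed is a no-op instead of an error. Needs root and iproute2.
add_null_route() {
    if ip route show type unreachable | is_null_routed "$1"; then
        echo "already null-routed: $1"
        return 0
    fi
    ip route add unreachable "$1"
}

# Constructed sample of `ip route show type unreachable` output
# (documentation addresses, not taken from the thread).
SAMPLE_ROUTES='unreachable 203.0.113.5
unreachable 198.51.100.77 metric 10'
```
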