fail2ban has an issue with multiple lines of iptables commands as an action, mentioned on the fail2ban wiki talk page:
http://www.fail2ban.org/wiki/index.php/Fail2ban_talk:Community_Portal#fail2ban.action.action_ERROR_on_startup.2Frestart

"by editing /usr/bin/fail2ban-client and adding a time.sleep(0.1)

    def __processCmd(self, cmd, showRet = True):
        beautifier = Beautifier()
        for c in cmd:
            time.sleep(0.1)
            beautifier.setInputCmd(c)
"

Reproducible: Always

Steps to Reproduce:
Multiple jails using actions that contain complex iptables commands, especially actions that contain more than 10 lines of iptables commands.

Actual Results:
Something like this in fail2ban.log, for example:

    2011-01-13 01:51:55,596 fail2ban.actions.action: ERROR iptables -t raw -N fail2ban-cp-notrack
    iptables -t raw -A fail2ban-cp-notrack -j RETURN
    iptables -t raw -I PREROUTING -p tcp -j fail2ban-cp-notrack --in-interface ppp0
    iptables -N fail2ban-cp-tarpit
    iptables -A fail2ban-cp-tarpit -j RETURN
    iptables -I INPUT -j fail2ban-cp-tarpit -p tcp --in-interface ppp0
    iptables -N fail2ban-cp-drop
    iptables -A fail2ban-cp-drop -j RETURN
    iptables -I INPUT -j fail2ban-cp-drop --in-interface ppp0 returned 200

Expected Results:
Corresponding iptables rules successfully added, no error in fail2ban.log.
Reopen when this is fixed upstream, please.
I have the same problem. The only answer I can find with Google is to add this time.sleep(0.1), but 1) it slows down start and stop of the daemon, a lot! 2) I still have the errors.
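A failed start action means the jail's chains may be missing while the jail itself still appears to run, so it is worth scanning fail2ban.log for these multi-line ERROR blocks. The following is an added example, not code from fail2ban or from this report; the function names are hypothetical, and the sample log is constructed in the format of the excerpt above (the INFO lines are an assumed layout).

```python
import re

# Constructed sample: ERROR block shaped like the excerpt in the report.
SAMPLE_LOG = """\
2011-01-13 01:51:54,101 fail2ban.jail   : INFO   Jail 'cp' started
2011-01-13 01:51:55,596 fail2ban.actions.action: ERROR  iptables -t raw -N fail2ban-cp-notrack
iptables -t raw -A fail2ban-cp-notrack -j RETURN
iptables -t raw -I PREROUTING -p tcp -j fail2ban-cp-notrack --in-interface ppp0
iptables -N fail2ban-cp-tarpit
iptables -A fail2ban-cp-tarpit -j RETURN
iptables -I INPUT -j fail2ban-cp-tarpit -p tcp --in-interface ppp0 returned 200
2011-01-13 01:51:56,002 fail2ban.jail   : INFO   Jail 'ssh' started
"""

ENTRY_START = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\S+?)\s*: (\w+)\s+(.*)$")
RETURNED = re.compile(r"^(.*) returned (\w+)$")
NEW_CHAIN = re.compile(r"^iptables(?: -t (\S+))? -N (\S+)")

def split_entries(text):
    """Attach lines without a timestamp to the log entry that precedes them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"time": m.group(1), "logger": m.group(2),
                            "level": m.group(3), "lines": [m.group(4)]})
        elif entries and line.strip():
            entries[-1]["lines"].append(line.strip())
    return entries

def failed_actions(text):
    """Return each failed action block: commands, raw status, chains it created."""
    failures = []
    for e in split_entries(text):
        if e["logger"] != "fail2ban.actions.action" or e["level"] != "ERROR":
            continue
        m = RETURNED.match(e["lines"][-1])
        if not m:
            continue
        commands = e["lines"][:-1] + [m.group(1)]
        # iptables uses the "filter" table when no -t option is given.
        chains = [(n.group(1) or "filter", n.group(2))
                  for n in map(NEW_CHAIN.match, commands) if n]
        failures.append({"time": e["time"], "status": m.group(2),
                         "commands": commands, "chains": chains})
    return failures

if __name__ == "__main__":
    for f in failed_actions(SAMPLE_LOG):
        print(f["time"], "status", f["status"], "verify chains:", f["chains"])
```

The log reports one status for the whole block and does not say which command failed, so every listed chain needs checking, for example with `iptables -t raw -S fail2ban-cp-notrack`.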