Summary: | net-analyzer/fail2ban-0.8.4-r3: iptables race condition while adding chains | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | cilly <cilly> |
Component: | [OLD] Core system | Assignee: | Markos Chandras (RETIRED) <hwoarang> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | normal | CC: | netmon, xman00 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/fail2ban/fail2ban/commit/3a58d0e6e40898c5b4ec14cafa625229b4c2081d | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 392481 | ||
Bug Blocks: | |||
Attachments: |
fail2ban-0.8.4-iptables_race_condition.patch
ebuild to include patch in previous attachment |
Description
cilly
2011-08-12 13:37:03 UTC
You really should try the latest versions of packages, like iptables 1.4.12.

Is it possible to add some debugging output to see what errors actually are there?

Or... could you try iptables-1.4.12.1 so I could fast stabilize it to fix this error?

Ok I hope this bug is fixed. Anyway we need some information to work with.

This bug isn't fixed in iptables-1.4.12.1. I tested it and there are still some lines missing.

2011-09-14 14:40:48,498 fail2ban.jail : INFO Jail 'courier-iptables' stopped
2011-09-14 14:40:49,518 fail2ban.jail : INFO Jail 'sasl-iptables' stopped
2011-09-14 14:40:49,530 fail2ban.server : INFO Exiting Fail2ban
2011-09-14 14:41:07,875 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-09-14 14:41:07,879 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2011-09-14 14:41:07,884 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2011-09-14 14:41:07,994 fail2ban.filter : INFO Added logfile = /var/log/secure.log
2011-09-14 14:41:07,999 fail2ban.filter : INFO Set maxRetry = 3
2011-09-14 14:41:08,014 fail2ban.filter : INFO Set findtime = 600
2011-09-14 14:41:08,018 fail2ban.actions: INFO Set banTime = 3600
2011-09-14 14:41:08,352 fail2ban.jail : INFO Creating new jail 'apache-auth'
2011-09-14 14:41:08,354 fail2ban.jail : INFO Jail 'apache-auth' uses Gamin
2011-09-14 14:41:08,363 fail2ban.filter : INFO Added logfile = /var/log/apache2/ssl_error_log
2011-09-14 14:41:08,369 fail2ban.filter : INFO Added logfile = /var/log/apache2/error_log
2011-09-14 14:41:08,373 fail2ban.filter : INFO Set maxRetry = 3
2011-09-14 14:41:08,388 fail2ban.filter : INFO Set findtime = 600
2011-09-14 14:41:08,393 fail2ban.actions: INFO Set banTime = 3600
2011-09-14 14:41:08,501 fail2ban.jail : INFO Creating new jail 'sasl-iptables'
2011-09-14 14:41:08,503 fail2ban.jail : INFO Jail 'sasl-iptables' uses Gamin
2011-09-14 14:41:08,511 fail2ban.filter : INFO Added logfile = /var/log/mail/mail.log
2011-09-14 14:41:08,516 fail2ban.filter : INFO Set maxRetry = 3
2011-09-14 14:41:08,531 fail2ban.filter : INFO Set findtime = 600
2011-09-14 14:41:08,536 fail2ban.actions: INFO Set banTime = 3600
2011-09-14 14:41:08,616 fail2ban.jail : INFO Creating new jail 'courier-iptables'
2011-09-14 14:41:08,620 fail2ban.jail : INFO Jail 'courier-iptables' uses Gamin
2011-09-14 14:41:08,628 fail2ban.filter : INFO Added logfile = /var/log/mail/mail.log
2011-09-14 14:41:08,633 fail2ban.filter : INFO Set maxRetry = 3
2011-09-14 14:41:08,648 fail2ban.filter : INFO Set findtime = 600
2011-09-14 14:41:08,653 fail2ban.actions: INFO Set banTime = 3600
2011-09-14 14:41:08,732 fail2ban.jail : INFO Jail 'ssh-iptables' started
2011-09-14 14:41:08,751 fail2ban.jail : INFO Jail 'apache-auth' started
2011-09-14 14:41:08,777 fail2ban.jail : INFO Jail 'sasl-iptables' started
2011-09-14 14:41:08,809 fail2ban.jail : INFO Jail 'courier-iptables' started
2011-09-14 14:41:08,993 fail2ban.actions.action: ERROR iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 400

I found a solution: http://www.fail2ban.org/wiki/index.php/Fail2ban_talk:Community_Portal#fail2ban.actions.action_ERROR_on_startup.2Frestart

Created attachment 286429 [details, diff]
fail2ban-0.8.4-iptables_race_condition.patch
Created attachment 286431 [details, diff]
ebuild to include patch in previous attachment
@pva: pls assign to fail2ban herd

Uh, fixing race conditions with sleep is a really horrible idea :)

Yes, sleep is not a proper solution to this problem, so this patch won't be applied to the fail2ban package.

Could someone please try the $URL and see if this race condition is reproducible?

This should be fixed in 0.8.6
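
The log excerpt in this report shows four jails logging "started" within about 80 ms and the fail2ban-SSH chain setup failing shortly afterwards. As an added example (not part of the original report and not fail2ban code), the Python below scans a fail2ban log for failed action commands and lists the jails started just before each one; the function names, the one-second window and the reading of `returned 400` as a hexadecimal wait status are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the tail of the log excerpt quoted in the report above.
SAMPLE_LOG = """\
2011-09-14 14:41:08,732 fail2ban.jail : INFO Jail 'ssh-iptables' started
2011-09-14 14:41:08,751 fail2ban.jail : INFO Jail 'apache-auth' started
2011-09-14 14:41:08,777 fail2ban.jail : INFO Jail 'sasl-iptables' started
2011-09-14 14:41:08,809 fail2ban.jail : INFO Jail 'courier-iptables' started
2011-09-14 14:41:08,993 fail2ban.actions.action: ERROR iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 400
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) ([\w.]+)\s*: (\w+)\s+(.*)$")
STARTED = re.compile(r"Jail '([^']+)' started")
RETURNED = re.compile(r"^(.*) returned ([0-9a-fA-F]+)$", re.S)

def parse_entries(text):
    """Attach continuation lines (no timestamp) to the entry they belong to."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            entries.append([ts, m.group(2), m.group(3), m.group(4)])
        elif entries and line.strip():
            entries[-1][3] += "\n" + line.strip()
    return entries

def failed_chain_setups(text, window_s=1.0):
    """List failed action commands and the jails started shortly before each."""
    entries = parse_entries(text)
    starts = [(ts, m.group(1)) for ts, _, _, msg in entries
              if (m := STARTED.search(msg))]
    findings = []
    for ts, logger, level, msg in entries:
        m = RETURNED.match(msg)
        if level != "ERROR" or not logger.endswith("actions.action") or not m:
            continue
        # Assumption: the trailing number is the hex wait status from os.system().
        status = int(m.group(2), 16)
        findings.append({
            "time": ts,
            "commands": m.group(1).splitlines(),
            "exit_code": status >> 8,
            "chains": sorted(set(re.findall(r"-N (\S+)", m.group(1)))),
            "jails_started_in_window": [
                j for t, j in starts if 0 <= (ts - t).total_seconds() <= window_s],
        })
    return findings
```

A non-empty result after a restart means an action's start commands did not all succeed, so the rules for the listed chains should be checked with `iptables -S` before relying on that jail.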