Fixing synchronization problems in fail2ban
fail2ban is a software which can be used to monitor service log files and ban IP addresses which executed a brute force attack or tried to use the mail server as a spam relay. In the default configuration in Debian GNU/Linux only SSH login attempts are monitored which works pretty nice. But when you try to add more services then you may run into the problem that fail2ban no longer starts up correctly. The log file contains errors like this:
fail2ban.actions.action: ERROR iptables -N fail2ban-ssh iptables -A fail2ban-ssh -j RETURN iptables -I INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh returned 200
I searched on the net but only found more victims of this problem, no solution. So I analyzed what was going on here and I finally figured it out.
Continue reading "Fixing synchronization problems in fail2ban"