I can't understand what could be happening; I need help from friends. Apparently there is no error in operation, but it is not creating the rules in the firewall.

fail2ban.observer [16728]: INFO [sshd] Found ***.***.***.***, bad - 2025-01-19 04:02:42, 1 # -> 2.0
2025-01-19 04:02:42,817 fail2ban.actions [16728]: WARNING [sshd] ***.***.***.*** already banned

I run the iptables commands:

iptables -L -v -n
ufw status
fail2ban-client status postfix

My jail.local looks like this:

[DEFAULT]
ignoreip = 127.0.0.1 ::1 187.34.46.110
findtime = 86400
maxretry = 3
destemail = [email protected]
sender = root
sendername = Fail2ban
backend = polling
bantime = 6048000
bantime.increment = true
bantime.factor = 2

[postfix]
enabled = true
port = smtp,465,587,submission
filter = postfix[mode=aggressive]
logpath = %(postfix_log)s
backend = %(postfix_backend)s
action = %(action_mwl)s
         %(action_abuseipdb)s[abuseipdb_category="7,10,11,15,17,18,19"]
banaction = %(banaction_allports)s
fail2ban quite clearly states that the affected jail is sshd, yet you're checking the status of the postfix jail to see if the IP is banned. Try
Code:
fail2ban-client banned
to list all banned IPs in all jails.
This works too, but I always check through ISPConfig: in Monitor -> Display Fail2ban log I copy the last banned IP, go to Monitor -> Display Firewall Rules and search for the banned IP. If it is not in the list of rules, the rules were not created.
Don't know if you're using Ubuntu, Debian or something else, or how recent a version, but maybe it's using nftables instead. Try
Code:
nft list ruleset
On mine (Ubuntu 24.04), it includes a table for all the fail2ban rules, with sets for each jail holding the currently blocked IPs (IPv4 and IPv6 have their own sets), and a chain at the end for what to do with each set.
Code:
table inet f2b-table {
	set addr-set-sshd {
		type ipv4_addr
		elements = { 120.131.12.238, 138.197.0.110 }
	}

	set addr-set-apache-badbots {
		type ipv4_addr
		elements = { 3.94.156.104, 3.214.176.44,
			     4.227.36.29, 4.227.36.37,
			     4.227.36.90, 18.207.89.138,
			     35.173.18.61, 47.128.17.157,
			     47.128.18.138, 47.128.22.110,
			     47.128.22.163, 47.128.27.84,
			     47.128.29.151, 47.128.33.87,
			     47.128.33.143, 47.128.35.248,
			     47.128.37.32, 47.128.45.81,
			     47.128.47.161, 47.128.49.135,
			     47.128.60.62, 47.128.96.102,
			     47.128.98.220, 47.128.115.59,
			     47.128.118.135, 47.128.122.31,
			     47.128.127.201, 52.3.102.51,
			     52.5.232.250, 52.207.47.227,
			     54.83.23.103, 54.162.69.192,
			     81.17.57.144, 85.208.96.199,
			     85.208.96.200, 85.208.96.201,
			     85.208.96.209, 114.119.146.15,
			     185.191.171.1, 185.191.171.6,
			     185.191.171.8, 185.191.171.10,
			     185.191.171.11, 185.191.171.12,
			     185.191.171.13, 185.191.171.14,
			     185.191.171.16, 192.99.3.137,
			     195.191.219.130, 195.191.219.131,
			     202.8.40.204, 217.113.194.30,
			     217.113.194.222, 217.113.194.230 }
	}

	set addr-set-wp-login {
		type ipv4_addr
		elements = { 65.254.93.245 }
	}

	set addr6-set-apache-badbots {
		type ipv6_addr
		elements = { 2602:ffe4:8:1001::5,
			     2a03:ee40:8080:15::130,
			     2a0d:3002:2100:a026:1::112 }
	}

	set addr6-set-sshd {
		type ipv6_addr
	}

	set addr-set-xmlrpc {
		type ipv4_addr
		elements = { 43.205.96.146, 194.26.192.14 }
	}

	set addr-set-4xx {
		type ipv4_addr
	}

	set addr6-set-xmlrpc {
		type ipv6_addr
	}

	set addr6-set-4xx {
		type ipv6_addr
	}

	set addr6-set-wp-login {
		type ipv6_addr
	}

	chain f2b-chain {
		type filter hook input priority filter - 1; policy accept;
		tcp dport 22 ip saddr @addr-set-sshd reject with icmp port-unreachable
		tcp dport { 80, 443 } ip saddr @addr-set-apache-badbots reject with icmp port-unreachable
		tcp dport { 80, 443 } ip saddr @addr-set-wp-login reject with icmp port-unreachable
		tcp dport { 80, 443 } ip6 saddr @addr6-set-apache-badbots reject with icmpv6 port-unreachable
		tcp dport 22 ip6 saddr @addr6-set-sshd reject with icmpv6 port-unreachable
		tcp dport { 80, 443 } ip saddr @addr-set-xmlrpc reject with icmp port-unreachable
		tcp dport { 80, 443 } ip saddr @addr-set-4xx reject with icmp port-unreachable
		tcp dport { 80, 443 } ip6 saddr @addr6-set-xmlrpc reject with icmpv6 port-unreachable
		tcp dport { 80, 443 } ip6 saddr @addr6-set-4xx reject with icmpv6 port-unreachable
		tcp dport { 80, 443 } ip6 saddr @addr6-set-wp-login reject with icmpv6 port-unreachable
	}
}
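The check discussed in this thread (is an IP that a jail reports as banned actually present in the firewall?) can be scripted against the nftables layout shown above. The following is an added example, not code from any poster: the function names and the sample data are constructed, it assumes the `addr-set-<jail>` set naming seen in the output above, and it covers IPv4 sets only.

```sh
# Added example: print IPv4 bans a jail reports that are absent from its nft set.
# Live use: unenforced_bans sshd "$(fail2ban-client status sshd)" "$(nft list ruleset)"
banned_ips() {      # stdin: `fail2ban-client status <jail>` output -> one IP per line
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n' | sed '/^$/d'
}
nft_set_ips() {     # $1: set name; stdin: `nft list ruleset` output -> IPv4 elements
    awk -v name="$1" '
        $1 == "set" && $2 == name { inset = 1; depth = 0 }
        inset {
            line = $0       # track brace depth so multi-line element lists are read
            depth += gsub(/[{]/, " ", line) - gsub(/[}]/, " ", line)
            gsub(/[,=]/, " ", line)
            n = split(line, tok)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/) print tok[i]
            if (depth == 0) inset = 0   # closing brace of the set reached
        }'
}
unenforced_bans() { # $1: jail, $2: status text, $3: ruleset text
    in_set=$(printf '%s\n' "$3" | nft_set_ips "addr-set-$1")
    printf '%s\n' "$2" | banned_ips | while read -r ip; do
        printf '%s\n' "$in_set" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}
# Constructed sample data (documentation address ranges), trimmed status output.
sample_status() { cat <<'EOF'
Status for the jail: sshd
`- Actions
   |- Currently banned: 2
   `- Banned IP list: 192.0.2.10 198.51.100.7
EOF
}
sample_ruleset() { cat <<'EOF'
table inet f2b-table {
    set addr-set-sshd {
        type ipv4_addr
        elements = { 192.0.2.10,
                     203.0.113.5 }
    }
    set addr-set-postfix {
        type ipv4_addr
        elements = { 198.51.100.7 }
    }
}
EOF
}
unenforced_bans sshd "$(sample_status)" "$(sample_ruleset)"
```

An empty result means every IPv4 ban the jail reports is present in that jail's set; in the sample, one address sits only in the postfix set, so it is reported for sshd.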
A bit more verbose command:
Code:
fail2ban-client status|awk -F: '/Jail list:/ { split($2,jail,",") ; for (i in jail) { gsub(/[\t ]/,"",jail[i]); system("fail2ban-client status "jail[i]); }; }'