|Operating system |CentOS Linux 7.9.2009|
|Webmin version |1.994|
|Usermin version |1.840|
|Virtualmin version |7.1|
Hi All,
Maybe a heads-up but more likely something I have done.
I have just been blocked from accessing a server due to unexpected behaviour of recidive jail in fail2ban.
In order to be able to manually ban IP numbers for a long period (30 days) I enabled the recidive jail in Fail2ban. This server doesn’t appear to get much recidivist action.
In order to test that the ban was working I ran “fail2ban-client set recidive banip XXX.XXX.XXX.XXX” but I entered the wrong IP number. I should have entered a testing IP number but entered my actual IP number that is in use. Worse still, it is the ONLY IP number that Virtualmin has as allowed IP numbers.
That IP number is listed in IP addresses to never ban in the recidive jail but it still got banned.
I’m assuming that running “fail2ban-client set recidive banip XXX.XXX.XXX.XXX” actually overrides the setting to never ban specified IP numbers. If so, this is a heads-up.
In order to get back into the server I had to SSH in and stop the firewall ( systemctl stop firewalld) before I could get back in.
I would not be surprised if this was my error but if there is an undocumented creature (ok, bug) then be aware.
Happy to recieve any comments.
Tim