Fail2Ban - Almalinux 10 - INVALID_IPV: ‘ipv4’ is not a valid

xpert-servers · September 22, 2025, 12:54pm

SYSTEM INFORMATION
OS type and version	Almalinux 10
Webmin version	2.510

Seeing this error: firewalld[3055]: ERROR: INVALID_IPV: ‘ipv4’ is not a valid backend or is unavailable

In the firewalld status when I attempt to add a test sshd ban. Everything works fine but it does not appear to add to the rich firewall rules. This appears a bug as this does work on my 9.6 system but not the newer 10.0 - both VMs are using the exact same setup only the version of the OS is different.

Anyone have suggestions for this? I have tried various .local file edits but now at a loss.

xpert-servers · September 22, 2025, 4:41pm

2025-09-22 17:40:04,730 fail2ban.actions        [48811]: DEBUG   Banned 1 / 1, 1 ticket(s) in 'sshd'
2025-09-22 17:40:04,730 fail2ban.utils          [48811]: DEBUG   557ab4a21230 -- returned successfully 0
RuntimeError: Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
    raise RuntimeError("Error %s action %s/%s: %r" % (operation, self._jail, self._name, err))
  File "/usr/lib/python3.12/site-packages/fail2ban/server/action.py", line 479, in _executeOperation
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ret = self._executeOperation('<actionstart>', 'starting', family=family, afterExec=_started)
  File "/usr/lib/python3.12/site-packages/fail2ban/server/action.py", line 546, in _start
    self._start(family, forceStart=True)
  File "/usr/lib/python3.12/site-packages/fail2ban/server/action.py", line 565, in ban
    action.ban(aInfo)
  File "/usr/lib/python3.12/site-packages/fail2ban/server/actions.py", line 513, in __checkBan
Traceback (most recent call last):
2025-09-22 17:40:03,983 fail2ban.actions        [48811]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '203.0.113.123', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f830eb8fce0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f830ebac4a0>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2025-09-22 17:40:03,983 fail2ban.utils          [48811]: ERROR   7f830eba7990 -- returned 111
2025-09-22 17:40:03,983 fail2ban.utils          [48811]: ERROR   7f830eba7990 -- stderr: "Error: INVALID_IPV: 'ipv4' is not a valid backend or is unavailable"
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2025-09-22 17:40:03,983 fail2ban.utils          [48811]: ERROR   7f830eba7990 -- exec: ipset -exist create f2b-sshd hash:ip timeout 0 maxelem 65536 
2025-09-22 17:40:03,733 fail2ban.observer       [48811]: DEBUG   [sshd] Observer: ban found 203.0.113.123, 2592000
2025-09-22 17:40:03,733 fail2ban.actions        [48811]: NOTICE  [sshd] Ban 203.0.113.123

szsahin · November 8, 2025, 2:27am

It is not a fail2ban error but it is a firewalld error. I did not pinpoint which firewalld packages causing error. But strangely, after doing these, the INVALID_IPV errors vanished and firewalld+fail2ban started working normally.

installed certbot, certbot-cloudflare, certbot-nginx, certbot-apache packages.
add an --add-service=https rule to public zone.
restarted firewalld service and fail2ban service

I do not know which step touched the underlying reason, but these steps worked for me…

BTW, I’ve seen a lot of different/unrelated quirks in the EL 10.0 distro. I am not sure EL 10.0 distro is really mature to be in production.