Fail2Ban not blocked hosts for proftpd

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Debian 11
Virtualmin version 7.7

I’ve read all the threads on this topic, but nothing helps me. Fail2ban does not block hosts. I tried restarting fail2ban and firewalld services. I tried the commands virtualmin-config-system -i Fail2banFirewalld and virtualmin-config-system -i Fail2ban. They didn’t help me either. What other options are there to fix this bug?

I have this in firewalld logfile:

2023-09-09 09:42:50 WARNING: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ftp,ftp-data,ftps,ftps-data', '-m', 'set', '--match-set', 'f2b-proftpd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT_direct'
2023-09-09 09:42:50 WARNING: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'smtp,465,submission,imap,imaps,pop3,pop3s', '-m', 'set', '--match-set', 'f2b-postfix-sasl', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT_direct'
2023-09-09 09:42:50 WARNING: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'smtp,465,submission', '-m', 'set', '--match-set', 'f2b-postfix', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT_direct'
2023-09-09 09:42:51 WARNING: NOT_ENABLED: rule '('-p', 'tcp', '-m', 'multiport', '--dports', 'ssh', '-m', 'set', '--match-set', 'f2b-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' is not in 'ipv4:filter:INPUT_direct'


2023-09-09 09:22:45,749 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:22:45
2023-09-09 09:22:49,756 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:22:49
2023-09-09 09:22:49,907 fail2ban.actions        [2492228]: WARNING [proftpd] 43.134.63.99 already banned
2023-09-09 09:22:53,763 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:22:53
2023-09-09 09:22:57,771 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:22:56
2023-09-09 09:23:00,976 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:00
2023-09-09 09:23:03,580 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:03
2023-09-09 09:23:07,585 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:07
2023-09-09 09:23:07,929 fail2ban.actions        [2492228]: WARNING [proftpd] 43.134.63.99 already banned
2023-09-09 09:23:10,791 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:10
2023-09-09 09:23:13,996 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:13
2023-09-09 09:23:17,201 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:17
2023-09-09 09:23:21,208 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:20
2023-09-09 09:23:25,214 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:24
2023-09-09 09:23:25,951 fail2ban.actions        [2492228]: WARNING [proftpd] 43.134.63.99 already banned
2023-09-09 09:23:28,421 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:27
2023-09-09 09:23:32,427 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:32
2023-09-09 09:23:35,633 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:35
2023-09-09 09:23:38,840 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:38
2023-09-09 09:23:42,846 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:42
2023-09-09 09:23:43,173 fail2ban.actions        [2492228]: WARNING [proftpd] 43.134.63.99 already banned
2023-09-09 09:23:45,452 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:45
2023-09-09 09:23:49,459 fail2ban.filter         [2492228]: INFO    [proftpd] Found 43.134.63.99 - 2023-09-09 09:23:49
2
2

I have never had a problem but in the fail2ban edit jail screen what have you set the arrowed option to ?

image
image1349×724 46.4 KB

3

Thank you for this answer.

I have in DEFAULT section

[DEFAULT]
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]
4

Just change ot in the webmin interface to the setting in the image and reload fail2ban rather than messing with the default settings. To be fair my default settings do not contain anything like those settings, but i have always set the options per jail rather than default

5

Unfortunately, it didn’t help. I set it on firewallcmd-rich-rules[] for DEFAULT and it works. Thank you.