Turris OS 7.1.0 is in RC now!

Hello there… just trying to do the modification you suggested… This one:

“In the jails, I had to change not only banaction, but also protocol from all to tcp, udp - otherwise, fail2ban failed to start the jails due to nft syntax error.”

Could you give me an example, since I do see "banaction" here:

block the whole /24 subnet of the attacker

banaction = iptables-multiport24subnet
banaction_allports =

Is that the one, and if so, to what should that be changed?

This is why I always create a manual snapshot before I approve an update.

In /etc/fail2ban/jail.d/openvpn.conf, change:

protocol = all

to

protocol = tcp, udp

And also change

banaction = iptables
banaction_allports = iptables_allports

to

banaction = nftables
banaction_allports = nftables_allports

3 Likes

Oops… did that, rebooted, stopped running…

[line 15]: option ‘banaction’ in section ‘openvpn’ already exists

Edit: solved it. Should be

banaction = nftables
banaction_allports = nftables_allports

Thanks!

2 Likes
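
The two failures in the exchange above (a leftover duplicate `banaction` line, and `protocol = all` kept beside an nftables action) can be caught before fail2ban is restarted. This is an added example, not code from any poster in the thread: a small lint built on Python's standard `configparser` in strict mode. The sample jail texts and the `lint_jail` helper are constructed for illustration.

```python
import configparser

# Constructed sample: both the old and the new banaction line are present.
DUPLICATE = """\
[openvpn]
enabled = true
protocol = tcp, udp
banaction = iptables
banaction = nftables
banaction_allports = nftables_allports
"""

# Constructed sample: the corrected jail from the thread, plus a variant
# that keeps protocol = all next to an nftables action.
FIXED = """\
[openvpn]
enabled = true
protocol = tcp, udp
banaction = nftables
banaction_allports = nftables_allports
"""
PROTO_ALL = FIXED.replace("tcp, udp", "all")


def lint_jail(text, source="<jail>"):
    """Return a list of problems in a jail file (hypothetical helper)."""
    parser = configparser.ConfigParser(strict=True, interpolation=None)
    try:
        parser.read_string(text, source=source)
    except configparser.DuplicateOptionError as exc:
        # Strict mode rejects a key repeated inside one section.
        return [f"line {exc.lineno}: duplicate '{exc.option}' in [{exc.section}]"]
    problems = []
    for name in parser.sections():
        jail = parser[name]
        action = jail.get("banaction", "")
        protocol = jail.get("protocol", "").strip().lower()
        if action.startswith("iptables"):
            problems.append(f"[{name}] banaction still uses {action}")
        if action.startswith("nftables") and protocol == "all":
            problems.append(f"[{name}] protocol = all with {action}")
    return problems


if __name__ == "__main__":
    for label, text in (("duplicate", DUPLICATE), ("proto-all", PROTO_ALL), ("fixed", FIXED)):
        print(label, lint_jail(text) or "ok")
```

To check a real file, pass its contents, for example `lint_jail(open("/etc/fail2ban/jail.d/openvpn.conf").read())`.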

Hmm, some more issues…
Nov 22 14:06:38 turris procd: Instance fail2ban::instance1 s in a crash loop 6 crashes, 1 seconds since last crash

Also, it basically made sentinel crash:
Nov 22 14:05:24 turris procd: Instance fail2ban::instance1 s in a crash loop 6 crashes, 1 seconds since last crash
Nov 22 14:05:59 turris procd: Instance fail2ban::instance1 s in a crash loop 6 crashes, 1 seconds since last crash
Nov 22 14:06:08 turris procd: Instance sentinel-minipot::instance1 pid 28521 not stopped on SIGTERM, sending SIGKILL instead

Killed f2b now, and now sentinel is working.

Weird, mine runs fine. What jails do you have activated?

Only OPENVPN. But Haas also stopped working (it does run but is not open on the outside), and sentinel runs, but does not show any data in view.sentinel.

I rolled back to 7.01, and ran the update again. But now with f2b running.

So, not sure, but this update does something with the whole sentinel/haas concept.

I have the same problem…

I’m confused. So do you have f2b working after the second update?

Both f2b and sentinel/haas do work for me…

Yes, f2b works now, but haas and sentinel do not. They both run, as in process, but no ping from outside.

Standard MOX classic, so not even a funky config.

I will try to reinstall the whole sentinel haas shebang, maybe that helps :) (I have no clue)