Solving fail2ban errors and warnings

simba (Verified User, joined Oct 13, 2012, 54 messages)
Hello, so after a lot of googling and testing, I found out how to fix various fail2ban messages, like:
OK, so the errors are not stopping; I ran the commands directly and this is what I found out.
Error log entry:
fail2ban.actions.action: ERROR iptables -N fail2ban-sasl#012iptables -A fail2ban-sasl -j RETURN#012iptables -I INPUT -p tcp --dport smtp -j fail2ban-sasl returned 200
Actual error message when typed directly:
iptables v1.4.7: Cannot use -A with -Z

Error log entry:
fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-dovecot-pop3imap#012iptables -F fail2ban-dovecot-pop3imap#012iptables -X fail2ban-dovecot-pop3imap returned 100
Actual error message when typed directly:
iptables v1.4.7: Invalid target name `fail2ban-dovecot-pop3imap#012iptables' (31 chars max)

Error log entry:
fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport smtp -j fail2ban-sasl#012iptables -F fail2ban-sasl#012iptables -X fail2ban-sasl returned 100
Actual error message when typed directly:
iptables v1.4.7: Cannot use -F with -D

Error log entry:
fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ftp -j fail2ban-pure-ftpd#012iptables -F fail2ban-pure-ftpd#012iptables -X fail2ban-pure-ftpd returned 100
Actual error message when typed directly:
iptables v1.4.7: Cannot use -F with -D

Error log entry:
fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH returned 100
Actual error message when typed directly:
iptables v1.4.7: Cannot use -F with -D

Error log entry:
fail2ban.actions.action: ERROR iptables -N fail2ban-dovecot-pop3imap#012iptables -A fail2ban-dovecot-pop3imap -j RETURN#012iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps -j fail2ban-dovecot-pop3imap returned 200
Actual error message when typed directly:
iptables v1.4.7: Cannot use -A with -Z

¿<27>fail2ban.filter : ERROR No 'host' group in 'dovecot-auth: pam_unix\(dovecot:auth\):'

So the problem is that fail2ban runs too quickly. To fix it:

Go to /etc/fail2ban/action.d
Open iptables-multiport-log.conf

Add
sleep `perl -e 'print rand(3);'`
to
actionstart =

so it looks like:
actionstart = sleep `perl -e 'print rand(3);'`
              iptables -N fail2ban-<name>

I haven't seen any errors since then, and IPs are banned.
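
The log entries quoted in the post above contain `#012`, which is how syslog writes an embedded newline (a control character escaped as `#` plus three octal digits), so each entry holds several separate iptables commands. An added example, not part of any post in this thread, that splits such an entry into its commands and return code; the function names and the actionstart/actionstop labelling are assumptions of this example.

```python
import re

# Constructed sample: two entries copied from the log excerpt in the first post.
SAMPLE_LOG = [
    "fail2ban.actions.action: ERROR iptables -N fail2ban-sasl#012iptables -A "
    "fail2ban-sasl -j RETURN#012iptables -I INPUT -p tcp --dport smtp "
    "-j fail2ban-sasl returned 200",
    "fail2ban.actions.action: ERROR iptables -D INPUT -p tcp --dport ssh "
    "-j fail2ban-SSH#012iptables -F fail2ban-SSH#012iptables -X fail2ban-SSH "
    "returned 100",
]

ENTRY_RE = re.compile(
    r"fail2ban\.actions\.action:\s+ERROR\s+(?P<cmds>.*)\s+returned\s+(?P<rc>\d+)\s*$")
# Only escapes for control characters (octal 000-037) are decoded.
ESCAPE_RE = re.compile(r"#(0[0-3][0-7])")


def unescape_syslog(text):
    """Turn '#012'-style escapes back into the characters they stand for."""
    return ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_action_error(line):
    """Return phase, return code, commands and chains, or None if no match."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None
    commands = [c.strip() for c in unescape_syslog(m.group("cmds")).split("\n")
                if c.strip()]
    if not commands:
        return None
    first = commands[0].split()
    # Assumption: a sequence opening with -N is the chain setup (actionstart),
    # one opening with -D is the chain teardown (actionstop).
    phase = {"-N": "actionstart", "-D": "actionstop"}.get(
        first[1] if len(first) > 1 else "", "unknown")
    chains = sorted({tok for c in commands for tok in c.split()
                     if tok.startswith("fail2ban-")})
    return {"phase": phase, "returncode": int(m.group("rc")),
            "commands": commands, "chains": chains}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        parsed = parse_action_error(entry)
        print(parsed["phase"], parsed["returncode"], parsed["chains"])
        for cmd in parsed["commands"]:
            print("   ", cmd)
```

When reproducing a failure by hand, run each recovered command on its own line rather than pasting the log entry as one string.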
 
Why would you have to put anything but sleep #? Why do you need the perl part at all?
 

While googling to resolve problems with fail2ban not adding rules to the iptables, I came across the same solution. The perl part is apparently to add a random delay as a fixed delay supposedly doesn't help as it simply pushes the race back.

Not sure if that really does help as I eventually discovered my problem was probably due to a missing comma, embarrassingly.
 