Hi,
BACKGROUND: I run Ubuntu 14.04 and enabled ufw. Because I'm a n00b at Virtualmin, I noticed that the iptables settings didn't show in Virtualmin and so I clicked on [Revert Configuration]. What happened is all the ufw chains got imported into the iptables config.
Since there was no easy way to remove all of the ufw-XXX chains (yes, even after 'ufw disable')... I went and removed the chains in the UI. Unfortunately, I didn't notice that I was removing fail2ban chains as well....
(Yes, forehead slaps now...)
So, the problem is the fail2ban.logs:
2015-06-17 00:53:23,138 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh returned 100
2015-06-17 00:53:23,327 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -j fail2ban-recidive
iptables -F fail2ban-recidive
iptables -X fail2ban-recidive returned 100
This looked suitably bad, so I ran "iptables -L" at a shell prompt and noticed the extent of the problem I'd made....
The Question: Does anyone know how to reinstate the standard fail2ban chains in iptables?
Many thanks, Craig
Stop fail2ban, flush iptables, set back rules you want/need, save those rules, restart iptables, start fail2ban.
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
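A check to run once the sequence in the answer above is done, as an added example that is not part of the original thread: it reads `iptables-save` output and reports any fail2ban chain that is undeclared or has no jump from INPUT. The function name `check_f2b_chains` and both sample dumps are constructed for illustration; the chain names are the two from the log in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Chain names come from the log above.
# Live use (as root): iptables-save | check_f2b_chains fail2ban-ssh fail2ban-recidive

# Reads an iptables-save dump on stdin. Prints one line per problem and
# returns 1 if a chain is undeclared or nothing in INPUT jumps to it.
check_f2b_chains() {
    dump=$(cat)
    rc=0
    for chain in "$@"; do
        # User-defined chains are declared as ":<name> - [pkts:bytes]".
        if ! printf '%s\n' "$dump" | grep -q "^:$chain "; then
            echo "MISSING $chain"
            rc=1
        # fail2ban's jump rule is saved as "-A INPUT ... -j <name>".
        elif ! printf '%s\n' "$dump" | grep -Eq "^-A INPUT .*-j $chain( |\$)"; then
            echo "UNREFERENCED $chain"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed dump: the state after deleting chains by hand.
sample_broken() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}

# Constructed dump: the state after fail2ban has started cleanly.
sample_healthy() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:fail2ban-recidive - [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -j fail2ban-recidive
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-recidive -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}
```

A non-zero exit on the live host means at least one jail has no working chain, so bans for that jail are not being applied.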
Thanks @Diabolico. I did that by accident, by rebooting a few times (for other reasons). It's great that you listed it out though.