When using fail2ban with iptables, it is possible that errors occur when fail2ban tries to load its iptables chains.
The error messages look similar to the following:
    iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-rulename returned 400
The return code varies; values such as 100, 200 and 400 have been seen.
It seems to be a timing problem between fail2ban and iptables.
A workaround can be applied to the /usr/bin/fail2ban-client Python script. In the function
    def __processCmd(self, cmd, showRet = True):
        beautifier = Beautifier()
        for c in cmd:
            beautifier.setInputCmd(c)
add the line
    time.sleep(0.1)
directly in front of the beautifier.setInputCmd(c) call, inside the for loop. If the script does not already import the time module, add "import time" at the top of the file.
The result will look like:
    def __processCmd(self, cmd, showRet = True):
        beautifier = Beautifier()
        for c in cmd:
            time.sleep(0.1)
            beautifier.setInputCmd(c)
Restart fail2ban; the chains should now load without any problem.
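To confirm the workaround took effect, it helps to scan the fail2ban log for the "returned <code>" failures described above rather than trusting a clean restart. The following script is an added example, not code from the original post or from the fail2ban project. It assumes only that a failed command is logged as the iptables command line followed by "returned <number>" (as in the message quoted above); the sample log lines are constructed for this example.

```python
"""Added example (not from the original post or from fail2ban itself):
scan fail2ban log lines for iptables commands that failed to load a
fail2ban-<jail> chain and summarise them per chain. An empty summary after
a restart means every chain loaded; a non-empty one means the timing
problem is still present."""
import re
from collections import Counter

# Assumed log shape: the iptables command line followed by "returned <code>".
# Captures the chain the rule jumps to (fail2ban-<jail>) and the return code.
FAILED_IPTABLES_RE = re.compile(
    r"(?P<cmd>iptables\s.*?-j\s+(?P<chain>fail2ban-\S+))\s+returned\s+(?P<code>\d+)"
)


def find_iptables_failures(lines):
    """Return one record per log line that reports a failed iptables command."""
    failures = []
    for line in lines:
        m = FAILED_IPTABLES_RE.search(line)
        if m:
            failures.append({
                "chain": m.group("chain"),
                "code": int(m.group("code")),
                "cmd": m.group("cmd").strip(),
            })
    return failures


def summarize(failures):
    """Count failures per fail2ban chain; empty means all chains loaded."""
    return Counter(f["chain"] for f in failures)


# Constructed sample log excerpt: two failed chain loads and one clean jail start.
SAMPLE_LOG = [
    "2011-03-02 10:15:01,118 fail2ban.actions.action: ERROR  iptables -I INPUT "
    "-p tcp -m multiport --dports smtp -j fail2ban-postfix returned 400",
    "2011-03-02 10:15:01,220 fail2ban.actions.action: ERROR  iptables -I INPUT "
    "-p tcp -m multiport --dports ssh -j fail2ban-ssh returned 100",
    "2011-03-02 10:15:02,001 fail2ban.jail   : INFO   Jail 'ssh' started",
]

if __name__ == "__main__":
    # Run as: python check_fail2ban_chains.py < /var/log/fail2ban.log
    # (falls back to the constructed sample when stdin is a terminal)
    import sys
    source = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin
    counts = summarize(find_iptables_failures(source))
    if not counts:
        print("no failed iptables chain loads found")
    for chain, n in counts.items():
        print(f"{chain}: {n} failed iptables command(s)")
```

Run it against the real log with the sleep workaround in place; if any chain still appears in the output, the iptables rules for that jail are not active and the host is unprotected for it.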