fail2ban/domoticz

[miralant]

Hi,

I use on PIs and servers fail2ban to prevent brut force attack on SSH port. I've try to setup a jail to secure domoticz accordind to this tutorial : https://www.domoticz.com/wiki/Setup_fail2ban

After restart, it works (after 3 mistakes to logion page, the IP is push to iptables) but after several hours, the jail looks not fired

If I try regex (fail2ban-regex /tmp/domoticz.txt /etc/fail2ban/filter.d/domoticz.conf), it works. If I look to Top fail2ban is currently running.

I've try to restart f2b with systemctl restart fail2ban but the issue still present. If I reboot the Pi, it restarts working correctly. Strange :'

Thanks for your help.

raspbian : 10 buster
domoticz : 2020.2

Mira

[erem]

what do you mean when you write

>>the jail looks not fired.

i have a hard time understanding your issue.

[miralant]

Sorry, i'll try to be more clear. #poorenglish

In fact, the domoticz jail works but after several hours it stops working. The jail is not triggered.

I need to fully restart Pi to fix the issue. (Systemctl restart won't fix...)

[Egregius]

If it's truly the jail that stops, isn't this something to take up with fail2ban instead of domoticz then?

[miralant]

For sure That's fail2ban issue not domoticz.

[jvdz]

..or it is an iptables issue as that is what is being used by fail2ban. Did you check the status of iptables?

Jos

[miralant]

Iptables is kernel function. How check if it runs ? (Currently nothing in top)

[jvdz]

You can show the current active jails:
sudo iptables -L -n

Jos

[miralant]

Nothing on my jails...what should I have ?

root@raspberrypi:/home/ced# sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I have the same return on Ubuntu server and SFTP jaiks is triggered.