[BUG] fail2ban stopped working a while ago without me knowing #25

furian88 · 2024-04-05T09:04:01Z

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

fail2ban has worked for me for quite a long time, so long that i stopped checking the logs for a while.

Now i can see in the logging that IP's are being banned as fail2ban logs says so, but it does not ban the ip really from the host side. I can just keep connecting even though i should be banned.

i can also no longer see the iptables on the unraid host. (expected a chain, but its not there)

Expected Behavior

No response

Steps To Reproduce

jail:
[authelia-auth]

enabled = true
#port = http,80,https,443,9091
#protocol = tcp
logpath = %(remote_logs_path)s/authelia/authelia.log
chain = DOCKER-USER
action = iptables-multiport[name=HTTP, port="http,https,9091,4443,18443,8181,7818,8080,1880", protocol=tcp]
#action = %(known/action)s
ignoreip = 127.0.0.1/8 ::1
172.18.0.0/16
192.168.0.0/24
bantime = -1
findtime = 24h
maxretry = 1

[nginx-bad-request]

enabled = true
#port = http,80,https,443,18443,1880,7818
logpath = %(nginx_access_log)s
chain = DOCKER-USER
action = iptables-multiport[name=HTTP, port="http,https,9091,4443,18443,8181,7818,8080,1880", protocol=tcp]
#action = %(known/action)s
ignoreip = 127.0.0.1/8 ::1
172.18.0.0/16
192.168.0.0/24
bantime = -1
findtime = 24h
maxretry = 1

error from logs:
2024-04-05 08:42:11,949 150AA2544B38 ERROR 150aa31018a0 -- exec: for proto in $(echo 'tcp' | sed 's/,/ /g'); do
iptables -w -D INPUT -p $proto -m multiport --dports http,https,9091,4443,18443,8181,7818,8080,1880 -j f2b-HTTP
done
iptables -w -F f2b-HTTP
iptables -w -X f2b-HTTP
2024-04-05 08:42:11,949 150AA2544B38 ERROR 150aa31018a0 -- stderr: "iptables v1.8.10 (nf_tables): Chain 'f2b-HTTP' does not exist"
2024-04-05 08:42:11,949 150AA2544B38 ERROR 150aa31018a0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-04-05 08:42:11,950 150AA2544B38 ERROR 150aa31018a0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-04-05 08:42:11,950 150AA2544B38 ERROR 150aa31018a0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-04-05 08:42:11,950 150AA2544B38 ERROR 150aa31018a0 -- returned 1
2024-04-05 08:42:11,950 150AA2544B38 ERROR Failed to stop jail 'nginx-bad-request' action 'iptables-multiport-f2b-HTTP': Error stopping action Jail('nginx-bad-request')/iptables-multiport-f2b-HTTP: 'Script error'

Environment

- OS: unraid 6.12.10
- How docker service was installed: through apps with repository lscr.io/linuxserver/fail2ban network type host

CPU architecture

x86-64

Docker creation

<?xml version="1.0"?>
<Container version="2">
  <Name>fail2ban</Name>
  <Repository>lscr.io/linuxserver/fail2ban</Repository>
  <Registry>https://github.com/orgs/linuxserver/packages/container/package/fail2ban</Registry>
  <Network>host</Network>
  <MyIP/>
  <Shell>bash</Shell>
  <Privileged>false</Privileged>
  <Support>https://github.com/linuxserver/docker-fail2ban/issues/new/choose</Support>
  <Project>http://www.fail2ban.org/</Project>
  <Overview>Fail2ban(http://www.fail2ban.org/) is a daemon to ban hosts that cause multiple authentication errors.</Overview>
  <Category>Security:</Category>
  <WebUI/>
  <TemplateURL>https://raw.githubusercontent.com/linuxserver/templates/master/unraid/fail2ban.xml</TemplateURL>
  <Icon>https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/fail2ban-logo.png</Icon>
  <ExtraParams>--cap-add=NET_ADMIN --cap-add=NET_RAW</ExtraParams>
  <PostArgs/>
  <CPUset/>
  <DateInstalled>1699788704</DateInstalled>
  <DonateText>Donations</DonateText>
  <DonateLink>https://www.linuxserver.io/donate</DonateLink>
  <Requires/>
  <Config Name="Path: /var/log" Target="/var/log" Default="" Mode="ro" Description="Host logs. Mounted as Read Only." Type="Path" Display="always" Required="true" Mask="false">/var/log</Config>
  <Config Name="Path: /remotelogs/airsonic" Target="/remotelogs/airsonic" Default="" Mode="ro" Description="Optional path to airsonic log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/apache2" Target="/remotelogs/apache2" Default="" Mode="ro" Description="Optional path to apache2 log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/authelia" Target="/remotelogs/authelia" Default="" Mode="ro" Description="Optional path to authelia log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/Authelia/log/</Config>
  <Config Name="Path: /remotelogs/emby" Target="/remotelogs/emby" Default="" Mode="ro" Description="Optional path to emby log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/filebrowser" Target="/remotelogs/filebrowser" Default="" Mode="ro" Description="Optional path to filebrowser log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/homeassistant" Target="/remotelogs/homeassistant" Default="" Mode="ro" Description="Optional path to homeassistant log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/lighttpd" Target="/remotelogs/lighttpd" Default="" Mode="ro" Description="Optional path to lighttpd log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/nextcloud" Target="/remotelogs/nextcloud" Default="" Mode="ro" Description="Optional path to nextcloud log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/vm_pool/Phone/</Config>
  <Config Name="Path: /remotelogs/nginx" Target="/remotelogs/nginx" Default="" Mode="ro" Description="Optional path to nginx log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/NginxProxyManager/log/</Config>
  <Config Name="Path: /remotelogs/nzbget" Target="/remotelogs/nzbget" Default="" Mode="ro" Description="Optional path to nzbget log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/overseerr" Target="/remotelogs/overseerr" Default="" Mode="ro" Description="Optional path to overseerr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/prowlarr" Target="/remotelogs/prowlarr" Default="" Mode="ro" Description="Optional path to prowlarr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/radarr" Target="/remotelogs/radarr" Default="" Mode="ro" Description="Optional path to radarr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/sabnzbd" Target="/remotelogs/sabnzbd" Default="" Mode="ro" Description="Optional path to sabnzbd log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/binhex-sabnzbd/logs/</Config>
  <Config Name="Path: /remotelogs/sonarr" Target="/remotelogs/sonarr" Default="" Mode="ro" Description="Optional path to sonarr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/binhex-sonarr/logs/</Config>
  <Config Name="Path: /remotelogs/unificontroller" Target="/remotelogs/unificontroller" Default="" Mode="ro" Description="Optional path to unificontroller log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/vaultwarden" Target="/remotelogs/vaultwarden" Default="" Mode="ro" Description="Optional path to vaultwarden log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/vaultwarden/logs/</Config>
  <Config Name="Verbosity" Target="VERBOSITY" Default="-vv" Mode="{3}" Description="Set the container log verbosity. Valid options are -v, -vv, -vvv, -vvvv, or leaving the value blank or not setting the variable." Type="Variable" Display="always" Required="false" Mask="false">-vv</Config>
  <Config Name="Appdata" Target="/config" Default="/mnt/cache/appdata/fail2ban" Mode="rw" Description="Contains all relevant configuration files." Type="Path" Display="advanced" Required="true" Mask="false">/mnt/cache/appdata/fail2ban</Config>
  <Config Name="PUID" Target="PUID" Default="99" Mode="{3}" Description="" Type="Variable" Display="advanced" Required="true" Mask="false">99</Config>
  <Config Name="PGID" Target="PGID" Default="100" Mode="{3}" Description="" Type="Variable" Display="advanced" Required="true" Mask="false">100</Config>
  <Config Name="UMASK" Target="UMASK" Default="022" Mode="{3}" Description="" Type="Variable" Display="advanced" Required="false" Mask="false">022</Config>
</Container>

Container logs

i removed the restore ban list:

2024-04-05 11:00:37,083 148402BC3B08 INFO  Starting Fail2ban v1.0.2
 2024-04-05 11:00:37,084 14840123BB38 INFO  Observer start...
 2024-04-05 11:00:37,092 148402BC3B08 INFO  Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
 2024-04-05 11:00:37,092 148402BC3B08 INFO  Creating new jail 'authelia-auth'
 2024-04-05 11:00:37,096 148402BC3B08 INFO  Jail 'authelia-auth' uses poller {}
 2024-04-05 11:00:37,096 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,099 148402BC3B08 INFO    maxRetry: 1
 2024-04-05 11:00:37,099 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,099 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,099 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,100 148402BC3B08 INFO  Added logfile: '/remotelogs/authelia/authelia.log' (pos = 2445521, hash = 83446e7634061c0b954df3503fbc3bce64d03e54)
 2024-04-05 11:00:37,100 148402BC3B08 INFO  Creating new jail 'nextcloud-auth'
 2024-04-05 11:00:37,101 148402BC3B08 INFO  Jail 'nextcloud-auth' uses poller {}
 2024-04-05 11:00:37,101 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,102 148402BC3B08 INFO    date pattern `',?\\s*"time"\\s*:\\s*"%Y-%m-%d[T ]%H:%M:%S(%z)?"'`: `,?\s*"time"\s*:\s*"Year-Month-Day[T ]24hour:Minute:Second(Zone offset)?"`
 2024-04-05 11:00:37,102 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,102 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,102 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,102 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Added logfile: '/remotelogs/nextcloud/nextcloud.log' (pos = 5043397, hash = a022d3c3a92bb7dfc50572c126adcee541b6db5f)
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Creating new jail 'nginx-418'
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Jail 'nginx-418' uses poller {}
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,105 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,105 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,105 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,105 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,105 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_access.log' (pos = 0, hash = )
 2024-04-05 11:00:37,105 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_access.log' (pos = 2172037, hash = 61d88ba30ed2af6b75bcc7a579c87b0612c5ed91)
 2024-04-05 11:00:37,105 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_access.log' (pos = 73438, hash = 1d0721394a79696608903b39b19c51409687ddca)
 2024-04-05 11:00:37,105 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_access.log' (pos = 34946, hash = 047fff10c4b6ab8239b932f1c135477ab4d4c8a2)
 2024-04-05 11:00:37,106 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_access.log' (pos = 69809, hash = 7f3d6c8b8437292f5109e499ba4ec0190dd4e7bd)
 2024-04-05 11:00:37,106 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_access.log' (pos = 375320, hash = 17dfff7aeba0fbe9ba3b2b28625df4abb2260676)
 2024-04-05 11:00:37,106 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_access.log' (pos = 2125, hash = 4b2c0d67128b02d4d204b04b9b146f82207343b2)
 2024-04-05 11:00:37,106 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_access.log' (pos = 112081, hash = 3070810110c59dd36acfcd3a27a995e88a4f2767)
 2024-04-05 11:00:37,107 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_access.log' (pos = 23896, hash = 8473fec3c4189cbc82279835cce81dbec866dee6)
 2024-04-05 11:00:37,107 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_access.log' (pos = 1245668, hash = 6bc90e6306edf712eaaeaa6ac0fd148573d0fc50)
 2024-04-05 11:00:37,107 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_access.log' (pos = 2281, hash = 01aa3e1c4fe3fe5ad7bcdcd5b1acd8ab46d6ddee)
 2024-04-05 11:00:37,107 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_access.log' (pos = 123735, hash = c2cebb8c35c0f8b4379113bb8f0164f31d4dd022)
 2024-04-05 11:00:37,107 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_access.log' (pos = 2819, hash = 1a786b7b0884fefd7c2c8ef62620a9e258e7c405)
 2024-04-05 11:00:37,108 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_access.log' (pos = 3317, hash = ad741a4351ab5876775124faaca6c514222cbf37)
 2024-04-05 11:00:37,108 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_access.log' (pos = 1902, hash = 2efdab895b05ca18b535eedb196930b1b6b9a796)
 2024-04-05 11:00:37,108 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_access.log' (pos = 14786, hash = a652c3e216a2c89ef20a5dacb439b71a2a4f23a4)
 2024-04-05 11:00:37,108 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_access.log' (pos = 29212, hash = a5b634b17befa19f13a71ec2a5c7d7ed8842c0cc)
 2024-04-05 11:00:37,108 148402BC3B08 INFO  Creating new jail 'nginx-bad-request'
 2024-04-05 11:00:37,109 148402BC3B08 INFO  Jail 'nginx-bad-request' uses poller {}
 2024-04-05 11:00:37,109 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,109 148402BC3B08 INFO    date pattern `'{^LN-BEG}%ExY(?P<_sep>[-/.])%m(?P=_sep)%d[T ]%H:%M:%S(?:[.,]%f)?(?:\\s*%z)?'`: `{^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day[T ]24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?`
 2024-04-05 11:00:37,110 148402BC3B08 INFO    maxRetry: 1
 2024-04-05 11:00:37,110 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,110 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,110 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,110 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_access.log' (pos = 0, hash = )
 2024-04-05 11:00:37,110 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_access.log' (pos = 2172037, hash = 61d88ba30ed2af6b75bcc7a579c87b0612c5ed91)
 2024-04-05 11:00:37,110 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_access.log' (pos = 73438, hash = 1d0721394a79696608903b39b19c51409687ddca)
 2024-04-05 11:00:37,110 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_access.log' (pos = 34946, hash = 047fff10c4b6ab8239b932f1c135477ab4d4c8a2)
 2024-04-05 11:00:37,110 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_access.log' (pos = 69809, hash = 7f3d6c8b8437292f5109e499ba4ec0190dd4e7bd)
 2024-04-05 11:00:37,110 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_access.log' (pos = 375320, hash = 17dfff7aeba0fbe9ba3b2b28625df4abb2260676)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_access.log' (pos = 2125, hash = 4b2c0d67128b02d4d204b04b9b146f82207343b2)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_access.log' (pos = 112081, hash = 3070810110c59dd36acfcd3a27a995e88a4f2767)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_access.log' (pos = 23896, hash = 8473fec3c4189cbc82279835cce81dbec866dee6)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_access.log' (pos = 1245668, hash = 6bc90e6306edf712eaaeaa6ac0fd148573d0fc50)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_access.log' (pos = 2281, hash = 01aa3e1c4fe3fe5ad7bcdcd5b1acd8ab46d6ddee)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_access.log' (pos = 123735, hash = c2cebb8c35c0f8b4379113bb8f0164f31d4dd022)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_access.log' (pos = 2819, hash = 1a786b7b0884fefd7c2c8ef62620a9e258e7c405)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_access.log' (pos = 3317, hash = ad741a4351ab5876775124faaca6c514222cbf37)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_access.log' (pos = 1902, hash = 2efdab895b05ca18b535eedb196930b1b6b9a796)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_access.log' (pos = 14786, hash = a652c3e216a2c89ef20a5dacb439b71a2a4f23a4)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_access.log' (pos = 29212, hash = a5b634b17befa19f13a71ec2a5c7d7ed8842c0cc)
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Creating new jail 'nginx-badbots'
 2024-04-05 11:00:37,112 148402BC3B08 INFO  Jail 'nginx-badbots' uses poller {}
 2024-04-05 11:00:37,112 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,114 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,114 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,114 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,114 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,114 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_access.log' (pos = 0, hash = )
 2024-04-05 11:00:37,114 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_access.log' (pos = 2172037, hash = 61d88ba30ed2af6b75bcc7a579c87b0612c5ed91)
 2024-04-05 11:00:37,114 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_access.log' (pos = 73438, hash = 1d0721394a79696608903b39b19c51409687ddca)
 2024-04-05 11:00:37,114 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_access.log' (pos = 34946, hash = 047fff10c4b6ab8239b932f1c135477ab4d4c8a2)
 2024-04-05 11:00:37,114 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_access.log' (pos = 69809, hash = 7f3d6c8b8437292f5109e499ba4ec0190dd4e7bd)
 2024-04-05 11:00:37,114 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_access.log' (pos = 375320, hash = 17dfff7aeba0fbe9ba3b2b28625df4abb2260676)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_access.log' (pos = 2125, hash = 4b2c0d67128b02d4d204b04b9b146f82207343b2)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_access.log' (pos = 112081, hash = 3070810110c59dd36acfcd3a27a995e88a4f2767)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_access.log' (pos = 23896, hash = 8473fec3c4189cbc82279835cce81dbec866dee6)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_access.log' (pos = 1245668, hash = 6bc90e6306edf712eaaeaa6ac0fd148573d0fc50)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_access.log' (pos = 2281, hash = 01aa3e1c4fe3fe5ad7bcdcd5b1acd8ab46d6ddee)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_access.log' (pos = 123735, hash = c2cebb8c35c0f8b4379113bb8f0164f31d4dd022)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_access.log' (pos = 2819, hash = 1a786b7b0884fefd7c2c8ef62620a9e258e7c405)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_access.log' (pos = 3317, hash = ad741a4351ab5876775124faaca6c514222cbf37)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_access.log' (pos = 1902, hash = 2efdab895b05ca18b535eedb196930b1b6b9a796)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_access.log' (pos = 14786, hash = a652c3e216a2c89ef20a5dacb439b71a2a4f23a4)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_access.log' (pos = 29212, hash = a5b634b17befa19f13a71ec2a5c7d7ed8842c0cc)
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Creating new jail 'nginx-botsearch'
 2024-04-05 11:00:37,116 148402BC3B08 INFO  Jail 'nginx-botsearch' uses poller {}
 2024-04-05 11:00:37,116 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,117 148402BC3B08 INFO    date pattern `'{^LN-BEG}%ExY(?P<_sep>[-/.])%m(?P=_sep)%d[T ]%H:%M:%S(?:[.,]%f)?(?:\\s*%z)?'`: `{^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day[T ]24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?`
 2024-04-05 11:00:37,117 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,117 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,117 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,117 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,117 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,117 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_error.log' (pos = 229, hash = 215843c3d5b6df924ff879dafe39cbdf2957469c)
 2024-04-05 11:00:37,117 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_error.log' (pos = 2197, hash = cbff8364089aca03c224c1e6289cd44614a0690a)
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_error.log' (pos = 2519, hash = 1bab90f244190226109958ce0a12ac6ffc0409e7)
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,118 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/error.log' (pos = 7714, hash = ecb7c37f8adf5c82c49db02e3be2ceb692eb6fda)
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_error.log' (pos = 14735, hash = 6c53276f4fca2c393f4c11ecd2cab2373ab842c6)
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_error.log' (pos = 10265, hash = 67385230befcffbf74275322a0b86edee9f46842)
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_error.log' (pos = 11172, hash = d8ea4ce7f6fa0f73eb46140cf1751f1b900b1b2a)
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_error.log' (pos = 1634, hash = 7ef7e20cbc1d94193337a421ae2b5405a95f5d80)
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Creating new jail 'nginx-deny'
 2024-04-05 11:00:37,120 148402BC3B08 INFO  Jail 'nginx-deny' uses poller {}
 2024-04-05 11:00:37,120 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,120 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,120 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,120 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,121 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_error.log' (pos = 229, hash = 215843c3d5b6df924ff879dafe39cbdf2957469c)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_error.log' (pos = 2197, hash = cbff8364089aca03c224c1e6289cd44614a0690a)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_error.log' (pos = 2519, hash = 1bab90f244190226109958ce0a12ac6ffc0409e7)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/error.log' (pos = 7714, hash = ecb7c37f8adf5c82c49db02e3be2ceb692eb6fda)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_error.log' (pos = 14735, hash = 6c53276f4fca2c393f4c11ecd2cab2373ab842c6)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_error.log' (pos = 10265, hash = 67385230befcffbf74275322a0b86edee9f46842)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_error.log' (pos = 11172, hash = d8ea4ce7f6fa0f73eb46140cf1751f1b900b1b2a)
 2024-04-05 11:00:37,121 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_error.log' (pos = 1634, hash = 7ef7e20cbc1d94193337a421ae2b5405a95f5d80)
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Creating new jail 'nginx-http-auth'
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Jail 'nginx-http-auth' uses poller {}
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,123 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,123 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,123 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,123 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,123 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,123 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_error.log' (pos = 229, hash = 215843c3d5b6df924ff879dafe39cbdf2957469c)
 2024-04-05 11:00:37,123 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,123 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_error.log' (pos = 2197, hash = cbff8364089aca03c224c1e6289cd44614a0690a)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_error.log' (pos = 2519, hash = 1bab90f244190226109958ce0a12ac6ffc0409e7)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/error.log' (pos = 7714, hash = ecb7c37f8adf5c82c49db02e3be2ceb692eb6fda)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_error.log' (pos = 14735, hash = 6c53276f4fca2c393f4c11ecd2cab2373ab842c6)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_error.log' (pos = 10265, hash = 67385230befcffbf74275322a0b86edee9f46842)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_error.log' (pos = 11172, hash = d8ea4ce7f6fa0f73eb46140cf1751f1b900b1b2a)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_error.log' (pos = 1634, hash = 7ef7e20cbc1d94193337a421ae2b5405a95f5d80)
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Creating new jail 'nginx-limit-req'
 2024-04-05 11:00:37,125 148402BC3B08 INFO  Jail 'nginx-limit-req' uses poller {}
 2024-04-05 11:00:37,125 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,125 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,125 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,125 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,125 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_error.log' (pos = 229, hash = 215843c3d5b6df924ff879dafe39cbdf2957469c)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_error.log' (pos = 2197, hash = cbff8364089aca03c224c1e6289cd44614a0690a)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_error.log' (pos = 2519, hash = 1bab90f244190226109958ce0a12ac6ffc0409e7)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/error.log' (pos = 7714, hash = ecb7c37f8adf5c82c49db02e3be2ceb692eb6fda)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_error.log' (pos = 14735, hash = 6c53276f4fca2c393f4c11ecd2cab2373ab842c6)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_error.log' (pos = 10265, hash = 67385230befcffbf74275322a0b86edee9f46842)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_error.log' (pos = 11172, hash = d8ea4ce7f6fa0f73eb46140cf1751f1b900b1b2a)
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_error.log' (pos = 0, hash = )
 2024-04-05 11:00:37,126 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_error.log' (pos = 1634, hash = 7ef7e20cbc1d94193337a421ae2b5405a95f5d80)
 2024-04-05 11:00:37,127 148402BC3B08 INFO  Creating new jail 'nginx-unauthorized'
 2024-04-05 11:00:37,127 148402BC3B08 INFO  Jail 'nginx-unauthorized' uses poller {}
 2024-04-05 11:00:37,127 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,127 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,127 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,128 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,128 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_access.log' (pos = 0, hash = )
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_access.log' (pos = 2172037, hash = 61d88ba30ed2af6b75bcc7a579c87b0612c5ed91)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_access.log' (pos = 73438, hash = 1d0721394a79696608903b39b19c51409687ddca)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_access.log' (pos = 34946, hash = 047fff10c4b6ab8239b932f1c135477ab4d4c8a2)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_access.log' (pos = 69809, hash = 7f3d6c8b8437292f5109e499ba4ec0190dd4e7bd)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_access.log' (pos = 375320, hash = 17dfff7aeba0fbe9ba3b2b28625df4abb2260676)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_access.log' (pos = 2125, hash = 4b2c0d67128b02d4d204b04b9b146f82207343b2)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_access.log' (pos = 112081, hash = 3070810110c59dd36acfcd3a27a995e88a4f2767)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_access.log' (pos = 23896, hash = 8473fec3c4189cbc82279835cce81dbec866dee6)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_access.log' (pos = 1245668, hash = 6bc90e6306edf712eaaeaa6ac0fd148573d0fc50)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_access.log' (pos = 2281, hash = 01aa3e1c4fe3fe5ad7bcdcd5b1acd8ab46d6ddee)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_access.log' (pos = 123735, hash = c2cebb8c35c0f8b4379113bb8f0164f31d4dd022)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_access.log' (pos = 2819, hash = 1a786b7b0884fefd7c2c8ef62620a9e258e7c405)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_access.log' (pos = 3317, hash = ad741a4351ab5876775124faaca6c514222cbf37)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_access.log' (pos = 1902, hash = 2efdab895b05ca18b535eedb196930b1b6b9a796)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_access.log' (pos = 14786, hash = a652c3e216a2c89ef20a5dacb439b71a2a4f23a4)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_access.log' (pos = 29212, hash = a5b634b17befa19f13a71ec2a5c7d7ed8842c0cc)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Creating new jail 'sabnzbd-auth'
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Jail 'sabnzbd-auth' uses poller {}
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,131 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,131 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,131 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,131 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,131 148402BC3B08 INFO  Added logfile: '/remotelogs/sabnzbd/sabnzbd.log' (pos = 4682000, hash = ccefcec35cec82d8245c43d57aaae13cc9d5ef31)
 2024-04-05 11:00:37,132 148402BC3B08 INFO  Creating new jail 'sonarr-auth'
 2024-04-05 11:00:37,132 148402BC3B08 INFO  Jail 'sonarr-auth' uses poller {}
 2024-04-05 11:00:37,132 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,132 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,132 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,132 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,133 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Added logfile: '/remotelogs/sonarr/sonarr.txt' (pos = 895236, hash = 8a3c6d82d13943f5376372b8070f5b7367b4c41e)
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Creating new jail 'vaultwarden-auth'
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Jail 'vaultwarden-auth' uses poller {}
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,134 148402BC3B08 INFO    maxRetry: 1
 2024-04-05 11:00:37,134 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,134 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,134 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,134 148402BC3B08 INFO  Added logfile: '/remotelogs/vaultwarden/vaultwarden.log' (pos = 7486, hash = f8e87372fda584c23d4dbbf23b3f6605dac62209)
 2024-04-05 11:00:37,142 148400D19B38 WARNI [authelia-auth] Found a match but no valid date/time found for ''.
 2024-04-05 11:00:37,142 148400D19B38 WARNI [authelia-auth] Match without a timestamp: {"error":"user not found","level":"error","method":"POST","msg":"Unsuccessful 1FA authentication attempt by user 'jhjhjhj'","path":"/api/firstfactor","remote_ip":"31.132.200.11","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/response.go","Line":275,"Name":"markAuthenticationAttempt"},{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_firstfactor.go","Line":52,"Name":"handleRouter.FirstFactorPOST.func10"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"handleRouter.(*BridgeBuilder).Build.func5.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":65,"Name":"SecurityHeadersCSPNone.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":91,"Name":"SecurityHeadersNoStore.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":30,"Name":"SecurityHeadersBase.func1"},{"File":"github.com/fasthttp/[email protected]/router.go","Line":441,"Name":"(*Router).Handler"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/log_request.go","Line":14,"Name":"handleRouter.LogRequest.func40"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/errors.go","Line":38,"Name":"RecoverPanic.func1"},{"File":"github.com/valyala/[email protected]/server.go","Line":2374,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/[email protected]/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/[email protected]/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1695,"Name":"goexit"}],"time":"2024-04-05T09:15:00+02:00"}
 2024-04-05 11:00:37,142 148400D19B38 WARNI [authelia-auth] Please try setting a custom date pattern (see man page jail.conf(5)).
 2024-04-05 11:00:37,196 148402BC3B08 INFO  Jail 'authelia-auth' started
 2024-04-05 11:00:37,197 148402BC3B08 INFO  Jail 'nextcloud-auth' started
 2024-04-05 11:00:37,198 148402BC3B08 INFO  Jail 'nginx-418' started
 2024-04-05 11:00:37,229 1483FFBD0B38 INFO  [nginx-bad-request] Found 185.161.248.148 - 2024-04-05 09:18:53
 2024-04-05 11:00:37,230 1483FFBD0B38 INFO  [nginx-bad-request] Found 167.94.138.125 - 2024-04-05 09:36:34
 2024-04-05 11:00:37,237 148402BC3B08 INFO  Jail 'nginx-bad-request' started
 2024-04-05 11:00:37,239 148402BC3B08 INFO  Jail 'nginx-badbots' started
 2024-04-05 11:00:37,240 148402BC3B08 INFO  Jail 'nginx-botsearch' started
 2024-04-05 11:00:37,241 148402BC3B08 INFO  Jail 'nginx-deny' started
 2024-04-05 11:00:37,243 148402BC3B08 INFO  Jail 'nginx-http-auth' started
 2024-04-05 11:00:37,244 148402BC3B08 INFO  Jail 'nginx-limit-req' started
 2024-04-05 11:00:37,248 148402BC3B08 INFO  Jail 'nginx-unauthorized' started
 2024-04-05 11:00:37,250 148402BC3B08 INFO  Jail 'sabnzbd-auth' started
 2024-04-05 11:00:37,258 148402BC3B08 INFO  Jail 'sonarr-auth' started
 2024-04-05 11:00:37,259 148402BC3B08 INFO  Jail 'vaultwarden-auth' started

github-actions · 2024-04-05T09:04:22Z

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

furian88 · 2024-04-05T09:16:42Z

in the console of fail2ban docker i can see these rules:

not of this is however visible on the host (also no chain)
-A f2b-HTTP -s 13.40.99.210/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 176.53.221.188/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.73.230/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 176.53.218.4/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.73.139/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 176.53.217.203/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.72.216/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 174.246.165.63/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.48.157/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 174.218.225.78/32 -j REJECT --reject-with icmp-port-unreachable

mac-lucky · 2024-04-18T00:04:50Z

+1

danielaranki · 2024-05-14T18:05:22Z

I suspect that the rebase to Alpine 3.19 a couple of months ago may have caused this.

According to https://www.alpinelinux.org/posts/Alpine-3.19.0-released.html

iptables-nft is now the default iptables backend.

Whereas unraid uses iptables-legacy as the default iptables backend. So unraid's docker (host) populates the DOCKER-USER chain (and others) in the -legacy backend. On the other hand, fail2ban now tries to manipulate the iptables-nft backend, which does not contain the DOCKER-USER chain, so the rules/chains are broken in fail2ban.

As a test, I tried installing iptables-legacy inside the fail2ban container:

docker exec -it fail2ban apk add iptables-legacy

then changed the jail.local to use it:

banaction = iptables-multiport[iptables=iptables-legacy]

and now things are working again.

Of course this is not a permanent solution (since an update to the docker image would again remove iptables-legacy), but just a test to confirm my suspicions.

cheuer · 2024-05-20T16:46:36Z

Facing the same issue in Unraid 6.12.4, so I have rolled back to the 1.0.2-r2-ls60 release before the rebase to Alpine 3.19 and this seems to have fixed it. To do this set the repository to ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60.

Hopefully it can be addressed in a future release.

LinuxServer-CI · 2024-06-20T13:59:09Z

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

diggerydoo · 2024-06-22T16:33:25Z

Facing the same issue in Unraid 6.12.4, so I have rolled back to the 1.0.2-r2-ls60 release before the rebase to Alpine 3.19 and this seems to have fixed it. To do this set the repository to ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60.

Hopefully it can be addressed in a future release.

I seem to still be having this same issue in ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60 Ban detection works but actual ban action doesn't seem to add any rules to iptables. Any ideas?

Snippet of error from `fail2ban.log`:

2024-06-22 22:40:18,864 14908166CB38 NOTIC [authelia-auth] Ban <redacted IP>
2024-06-22 22:40:18,868 14908166CB38 ERROR 1490818e0990 -- exec: { iptables -w -C f2b-authelia-auth -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-authelia-auth || true; iptables -w -A f2b-authelia-auth -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C DOCKER-USER -p $proto -m multiport --dports http,https,9091 -j f2b-authelia-auth >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports http,https,9091 -j f2b-authelia-auth; }
done
2024-06-22 22:40:18,869 14908166CB38 ERROR 1490818e0990 -- stderr: 'iptables: No chain/target/match by that name.'
2024-06-22 22:40:18,869 14908166CB38 ERROR 1490818e0990 -- returned 1
2024-06-22 22:40:18,869 14908166CB38 ERROR Failed to execute ban jail 'authelia-auth' action 'iptables-multiport' info 'ActionInfo({'ip': '<redacted IP>', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x14908266f420>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x14908266fba0>})': Error starting action Jail('authelia-auth')/iptables-multiport: 'Script error'

jail: `authelia-auth`

[authelia-auth]

enabled  = false
port     = http,https,9091
logpath  = %(remote_logs_path)s/authelia/authelia.log

Snippet from `jail.local`

[authelia-auth]
enabled = true
chain = DOCKER-USER
action = %(known/action)s

Docker Run

docker run
  -d
  --name='fail2ban'
  --net='customzone'
  -e TZ="UTC"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="<redacted>"
  -e HOST_CONTAINERNAME="fail2ban"
  -e 'VERBOSITY'='-vv'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='022'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/fail2ban-logo.png'
  -v '/var/log/':'/var/log':'ro'
  -v '/mnt/user/appdata/Authelia/logs/':'/remotelogs/authelia':'ro'
  -v '/mnt/user/appdata/Nginx-Proxy-Manager-Official/data/logs/':'/remotelogs/nginx':'ro'
  -v '/mnt/user/appdata/fail2ban':'/config':'rw'
  --cap-add=NET_ADMIN
  --cap-add=NET_RAW 'ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60'

LinuxServer-CI · 2024-07-23T13:59:10Z

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

klack · 2024-07-30T02:07:47Z

This issue should probably stay open...

LinuxServer-CI · 2024-08-30T13:59:19Z

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

cheuer · 2024-09-03T15:28:44Z

This issue is still not resolved, this bot is unhelpful.

LinuxServer-CI · 2024-10-05T13:59:08Z

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

danielaranki · 2024-10-05T14:00:23Z

Bump

TurtleTony · 2025-01-07T18:39:26Z

This issue is still a problem. The workaround from @danielaranki works for me, but it took me quite some time to get here..

Please fix or at least add something in the Documentation/Faq so that future users can find the workaround quicker :)
Kind regards

LinuxServer-CI added this to Issue & PR Tracker Apr 5, 2024

LinuxServer-CI moved this to Issues in Issue & PR Tracker Apr 5, 2024

dustinwilson mentioned this issue May 24, 2024

Added iptables-legacy to installed packages #26

Merged

LinuxServer-CI added the no-issue-activity label Jun 20, 2024

LinuxServer-CI removed the no-issue-activity label Jun 23, 2024

LinuxServer-CI added the no-issue-activity label Jul 23, 2024

LinuxServer-CI removed the no-issue-activity label Jul 30, 2024

LinuxServer-CI added the no-issue-activity label Aug 30, 2024

LinuxServer-CI removed the no-issue-activity label Sep 4, 2024

LinuxServer-CI added the no-issue-activity label Oct 5, 2024

LinuxServer-CI removed the no-issue-activity label Oct 6, 2024

drizuid added the work-in-progress Stale exempt label Oct 12, 2024

nemchik closed this as completed in #26 Oct 23, 2024

LinuxServer-CI moved this from Issues to Done in Issue & PR Tracker Oct 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] fail2ban stopped working a while ago without me knowing #25

[BUG] fail2ban stopped working a while ago without me knowing #25

furian88 commented Apr 5, 2024

github-actions bot commented Apr 5, 2024

furian88 commented Apr 5, 2024 •

edited

Loading

mac-lucky commented Apr 18, 2024

danielaranki commented May 14, 2024

cheuer commented May 20, 2024

LinuxServer-CI commented Jun 20, 2024

diggerydoo commented Jun 22, 2024 •

edited

Loading

LinuxServer-CI commented Jul 23, 2024

klack commented Jul 30, 2024

LinuxServer-CI commented Aug 30, 2024

cheuer commented Sep 3, 2024

LinuxServer-CI commented Oct 5, 2024

danielaranki commented Oct 5, 2024

TurtleTony commented Jan 7, 2025

[BUG] fail2ban stopped working a while ago without me knowing #25

[BUG] fail2ban stopped working a while ago without me knowing #25

Comments

furian88 commented Apr 5, 2024

Is there an existing issue for this?

Current Behavior

Expected Behavior

Steps To Reproduce

Environment

CPU architecture

Docker creation

Container logs

github-actions bot commented Apr 5, 2024

furian88 commented Apr 5, 2024 • edited Loading

mac-lucky commented Apr 18, 2024

danielaranki commented May 14, 2024

cheuer commented May 20, 2024

LinuxServer-CI commented Jun 20, 2024

diggerydoo commented Jun 22, 2024 • edited Loading

Snippet of error from fail2ban.log:

jail: authelia-auth

Snippet from jail.local

Docker Run

LinuxServer-CI commented Jul 23, 2024

klack commented Jul 30, 2024

LinuxServer-CI commented Aug 30, 2024

cheuer commented Sep 3, 2024

LinuxServer-CI commented Oct 5, 2024

danielaranki commented Oct 5, 2024

TurtleTony commented Jan 7, 2025

furian88 commented Apr 5, 2024 •

edited

Loading

diggerydoo commented Jun 22, 2024 •

edited

Loading

Snippet of error from `fail2ban.log`:

jail: `authelia-auth`

Snippet from `jail.local`