2

I have recently set up a server with fail2ban, and it is mostly working, except I am getting errors whenever this command tries to execute:

sudo iptables -D fail2ban-ssh -s xxx.xxx.xxx.xxx -j REJECT --reject-with icmp-port-unreachable

The error message is:

iptables: No chain/target/match by that name.

When I don't use REJECT, it works fine. For example:

sudo iptables -D fail2ban-ssh -s xxx.xxx.xxx.xxx -j DROP

Will execute just fine. I can't figure out why REJECT is being, er, rejected.

Stephen

1 Answer

3

Load the external module with modprobe ipt_REJECT and try again. DROP is native, but REJECT is optional.

Dom
  • Sorry, I just realized that, ha. But after issuing it, I get the same error – Stephen Jun 19 '14 at 11:10
  • I just see the -D in iptables. What are you doing? Deleting the entry? Then do a delete with the line number or the output of 'iptables -S', not the creation line – Dom Jun 19 '14 at 11:12
  • Oh, I think I see the problem now thanks. I didn't notice that it was a delete command, I just saw it failing in the logs and tried it. Now I think I see the problem is one set of actions is using DROP to create the rule, and this one is failing because that rule does not exist to DELETE it. Let me verify and get back to you, thanks! – Stephen Jun 19 '14 at 11:16
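
The mismatch worked out in the comments above (a rule created with DROP cannot be deleted with a REJECT rule spec) can be avoided by building the delete command from what `iptables -S` actually reports. This is an added example, not part of the original answer or of fail2ban; the function names `delete_cmds_for` and `sample_rules` are hypothetical and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: derive exact delete commands from `iptables -S` output.
# Reads rule specs on stdin (the format `iptables -S <chain>` prints) and, for
# every rule whose source matches the given address, prints the equivalent
# `iptables -D ...` command. Nothing is executed; review the output first.

delete_cmds_for() {
    ip="$1"
    # `iptables -S` prints single-host sources with a /32 suffix; accept both forms.
    awk -v ip="$ip" '
        $1 == "-A" {
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && ($(i+1) == ip || $(i+1) == ip "/32")) {
                    $1 = "-D"            # same rule spec, delete instead of append
                    print "iptables " $0
                    next
                }
            }
        }'
}

# Constructed sample of `iptables -S fail2ban-ssh` output (documentation addresses).
sample_rules() {
    cat <<'EOF'
-N fail2ban-ssh
-A fail2ban-ssh -s 192.0.2.10/32 -j DROP
-A fail2ban-ssh -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -j RETURN
EOF
}

# Stand-alone run: the rule for 192.0.2.10 was created with DROP, so the
# generated delete command also uses DROP.
sample_rules | delete_cmds_for 192.0.2.10
```

On a live host the input would come from `sudo iptables -S fail2ban-ssh` instead of the constructed sample.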