• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved can't enable Fail2Ban after upgrade Onyx Version 17.5.3

I can tell you only what I observed. My Putty Connection doesn't response, a reconnect didn't work.
How long could these flush command run? Maybe several minutes?

Even if I run
Code:
iptables -L
it takes 18 minutes (!!!) for an output of < 900 lines. Most of them like:

REJECT all -- 111.206.163.56 anywhere reject-with icmp-port-unreachable

Is that normal? Or is there something wrong with the iptables (after the update)?
 
Hi Xantiva,

it takes 18 minutes (!!!) for an output of < 900 lines
... quite a long time, but this depends on YOUR hardware on YOUR server and last but not least on the server network connection and YOUR internet connection to the server. ;)

Is that normal?
Having 900 entries? This depends on YOUR configuration. You should consider to use the additional jail "RECIDIVE" and pls. inform yourself about it's usage and how it can be configured/adjusted, to fit YOUR needs and desires. ;)


My Putty Connection doesn't response, a reconnect didn't work.
To investigate such an issue, ps. consider to inspect YOUR SSH - log - files, in order to investigate, why the connections has been closed or why your server didn't respond to your putty client. Again, this indicates slow internet/network connections. ;)
 
The server and my internet connection aren't very slow. The problem seems to be all the DNS requests if the option "-n" (numeric output of addresses and ports) is not used.
Code:
iptables -L -n
is much faster now (no visible delay)!

And I still use the recidive jail ...
 
Hi Xantiva,

The problem seems to be all the DNS requests if the option "-n"
Yes, the command "iptables" has several command options, which you are able to use, but the word "seems" is hardly an indication of an actual research of your root cause.

Information: The standart command "iptables -L" is a command, which includes parsing, ordering and DNS - reverse commands, while the additional option "-n" doesn't have to process a reverse DNS, in order to be able to show the corresponding hostname, it just parses/reads the current IP - entries. ;)
 
Last edited by a moderator:
Hi Xantiva,

your very first step to inform yourself about a command option on linux based systems, is to read the corresponding "man" pages for the installed package. If you desire manuals provided over internet sites, you should consider to use:

=> LMGTFY
 
Hi UFHH01,

what do you want to tell me? The first google hit is Man page of IPTABLES

-L, --list [chain]
List all rules in the selected chain. If no chain is selected, all chains are listed. Like every other iptables command, it applies to the specified table (filter is the default), so NAT rules get listed by
iptables -t nat -n -L

Please note that it is often used with the -n option, in order to avoid long reverse DNS lookups.
 
The instruction that was missing here to be able to restart fail2ban after
Code:
aptitude purge fail2ban plesk-fail2ban-configurator
is described on Failed to start fail2ban service
Code:
kill `ps afvvx | grep -v grep | grep fail2ban-server | awk '{print $1}' | xargs`

thanks @UFHH01 for your help, altogether those instructions made it for me cause i had the exact same system and exception as @tomer628
 
I can confirm that following the instructions of UFHH01 and restarting the VPS the failban service starts working.

Thanks UFHH01, great work!!!
 
Back
Top