-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BR]: nested invocation of fail2ban-client blocks itself #3578
Comments
Would probably not solve the issue, but
Nope. At least not in direct sense, for instance in my IDS based on fail2ban I definitely had nested calls of fail2ban-client in some actions, but... they was affecting different jails. The actual problem is that fail2ban-client works here synchronously, so it waits for an answer from fail2ban-server, which in turn calling fail2ban/fail2ban/server/server.py Line 542 in f8f8c04
If the action during unban, triggered by server, calls fail2ban-client again, it'd expect that server thread listening on the socket and process the command too, what would not happend because server thread is going to process Because of #3487, we need to rewrite the server communication anyway, so it'd be theoretically solved after switch to asyncio facilities, but... Additionally (second problem that may occur) if inside the action something calls The full solution may be to rewrite calling of |
Hello,
I've installed fail2ban with haproxy on a ubuntu 22.04 server.
I found a strange behavior that might be a bug.
I told fail2ban to run a php script as action for ban and unban.
works fine.
My PHP skript runs "fail2ban-client status haproxy" to get a list of blocked ip-adresses to process it further.
works fine.
But when I use fail2ban-client on bash to manual unban an ip it blocks itself.
Run "fail2ban-client set haproxy unbanip 1.2.3.4"
-> tells fail2ban to unban ip (ok in log)
-> calls php script which calls "fail2ban-client status haproxy" (dead for about 20 seconds).
-> dead on bash too even if unban is aborted
Maybe it is not possible to run fail2ban-client two times?
First ist waiting to finish
Second is waiting for the first
Thanks
Stefan
The text was updated successfully, but these errors were encountered: