# [SOLVED] fail2ban fails to insert a iptable rule

## tuqs

Hello,

after starting fail2ban i get the following error in the log:

```

2008-10-19 15:04:21,964 fail2ban.actions.action: ERROR  iptables -N fail2ban-SSH

iptables -A fail2ban-SSH -j RETURN

iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned 100

```

```

root@box ~ % iptables -L -n

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

--- censored ---

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

--- censored ---   

Chain fail2ban-SSH (0 references)

target     prot opt source               destination         

RETURN     all  --  0.0.0.0/0            0.0.0.0/0     

```

If i'm running the last command manually i get the following error:

```

root@box ~ % iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH

iptables: No chain/target/match by that name

```

but as you can see above the chain exists!

versions:

```

root@box ~ % iptables --version

iptables v1.4.1.1

root@box ~ % fail2ban-server --version | head -1

Fail2Ban v0.8.3

root@box ~ % uname -sr

Linux 2.6.26-gentoo-r1

```

loaded modules:

```

root@box ~ % lsmod | grep -E '^ip|^xt?'

iptable_filter          3584  1 

ip_tables              17168  1 iptable_filter

x_tables               17416  1 ip_tables

```

thanks in advanceLast edited by tuqs on Fri Nov 07, 2008 3:48 pm; edited 1 time in total

----------

## trigggl

I don't know if this is any help, but your post actually helped get my install working.  I realized I didn't have iptables enabled in my kernel, so I compiled the kernel with it and now mine appears to work.  Here's what I get doing your tests:

```
iptables -L -n

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

fail2ban-ssh  udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:22

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

Chain fail2ban-ssh (2 references)

target     prot opt source               destination

RETURN     all  --  0.0.0.0/0            0.0.0.0/0

RETURN     all  --  0.0.0.0/0            0.0.0.0/0
```

I notice fail2ban-'ssh' so I tried this:

```
iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
```

This gave no response.  I assume that means that it worked.

```
iptables --version

iptables v1.4.0

fail2ban-server --version | head -1

Fail2Ban v0.8.3

uname -sr

Linux 2.6.27-gentoo-r2

```

```
lsmod | grep -E '^ip|^xt?'

xt_tcpudp               4776  3

iptable_filter          5872  1

ip_tables              24032  1 iptable_filter

x_tables               27696  2 xt_tcpudp,ip_tables
```

I don't know if that will help you any and I don't even know if my install is working yet, but there is is.

----------

## tuqs

As i can see on your output you have loaded the xt_tcpudp module which i havn't, because i didn't set up automatic kernel module loading and i didn't know the module is needed.

Loading xt_tcpudp fixed the problem for me.

Thanks  :Wink: 

----------

