Plesk for Linux
kb: technical
Applicable to:
- Plesk for Linux
Symptoms
The following warnings are found in Fail2ban log file /var/log/fail2ban.log:
CONFIG_TEXT: fail2ban.filter [8598]: WARNING Unable to find a corresponding IP address for 2001:db8:f61:a1ff:0:0:0:80: [Errno -9] Address family for hostname not supported
OR
CONFIG_TEXT: fail2ban.filter [2294]: WARNING Unable to find a corresponding IP address for 2001:db8:f61:a1ff:0:0:0:80: [Errno -2] Name or service not known
Cause
Fail2Ban in Plesk Onyx does not support the IPv6 protocol.
Comments
14 comments
According to https://github.com/fail2ban/fail2ban/issues/1123#issuecomment-373325016 it is supported in versions 0.10.x
Hello @Kamil, according to fail2ban website, 0.10.x, for now, is an experimental version. When this version will become stable, it will be included in Plesk future releases.
I would have expected this to be available for Plesk, especially considering more and more people use IPv6!
I seriously hope this will be resolved soon.
Hello, @Michel vd Lingen.
This feature is already available in Plesk Onyx 17.9 that is currently in testing and development.
The work is in progress and I updated the article with this information.
IPv6 has been available for a very long time now and the amount of IPv6 errors in the Fail2Ban logs in our case is continuous and non-stop... Obviously, adding an IPv6 address into Trusted IP Addesses within Fail2Ban, doesn't work in the Fail2Ban v0.9.6 version that we have running on Plesk 17.8.11
Can Plesk confirm if this upgrade will be accessible on Plesk Onyx 17.9 only? If so, does that then mean there will be NO Fail2Ban upgrade for all previous Plesk versions? Surely not? That would mean that only Plesk 17.9 would actually offer 100% effective, Plesk integrated Fail2ban. It's bad enough that this isn't available (via Plesk) already, as per @Michel vd Lingen post above. To then invoke IPv6 Fail2Ban 'exclusion by Plesk version' would be extremely unpopular... Fingers crossed common sense prevails!
Relevant information, is that not everybody wants to be an early adopter of 17.9 and other future Plesk releases, often due to the complexity and associated errors when upgrading from their own previous Plesk Versions (17.5.3 > 17.8.11 wasn't an easy process for many users...)
Hi @Learning Curve,
As soon as it will be tested and finished in scope of Plesk Onyx 17.9, it might be backported to older versions of Plesk as well.
It will depend on the actual demand, so your feedback here is highly appreciated!
Hi @Alexandr Redikultsev
Any update for Plesk Onyx 17.8?
@Joachim,
Hello! As was mentioned by Alexandr Redikultsev, the feature is being tested on Plesk 17.9 currently. Backport to Plesk 17.8 will be considered after the release of Plesk 17.9.
"... it might be backported to older versions of Plesk as well. It will depend on the actual demand, so your feedback here is highly appreciated!..."
Absolutely definitely! This should even have a much higher priority than to develope the 17.9 version of Plesk, because most of us hosting providers won't immediately update to the latest Plesk version but rather wait on for the first bugfixes to complete after a "stable" 17.9. It is much more urgently needed to have IPv6 Fail2Ban support in 17.5 and 17.8.
@Peter Debik
Thank you very much for your feedback! I have passed it to the development team.
It's seems, that the feedback given on this, from different Plesk end-users, was irrelevant in the end.
A post today on the Plesk forum, within a thread, where this subject was being discussed (and made by another member of Plesk, who is well known for providing regular help and valuable assistance) indicates that there are no plans at all for backporting this from 17.9... https://talk.plesk.com/threads/how-to-fine-tune-fail2ban-filters-jails-settings-nginx-blocklists-badips-sync-ipv6.351453/#post-859899
So it appears, that we will have a IPv6 Fail2Ban 'exclusion by Plesk version' aka If you want this, then you must use Plesk 17.9.* as no previous Plesk releases can or will provide it.
Hi @Learning Curve,
The probability of the backport currently is indeed rather low, however this is all driven by demand.
All activities on forum regarding this question, all your feedback in scope of this article and its commends -- its all can be taken into consideration.
On my side, I created feature request for backport in order to track the attention there as well: https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/36978325-backport-fail2ban-ipv6-support-to-plesk-onyx-17-x
please add FAIL2BAN IPv6 support for Plesk Onyx 17.8.11 - I am stuck with Ubuntu 14.04.6 LTS
because my VPS provider does NOT allow OS upgrade - just for the shame record it is HostEurope.de
if you do OS upgrade yourself VPS doesn't work, if you let them do the OS upgrade you can't keep your current Public IP address, whitelisted at many business partners
so while waiting for them to resolve this non-sense limbo of upgrade-not-allowed, please add support for Fail2Ban IPv6 because I can see a LOT of entries in /var/log/fail2ban.log
WARNING Unable to find a corresponding IP address for --cut IPv6 cut-- [Errno -9] Address family for hostname not supported
Thank you!
Hello Pera Burek
In your case, the recommendation is to prepare a new server with Plesk Obsidian (supports Fail2ban for IPv6) and modern supported OS.
After that, migrate domains to the new server.
Please sign in to leave a comment.