Unable to stop Fail2Ban jail: iptables: Too many links

Created:

2017-01-17 17:32:07 UTC

Modified:

2017-08-08 13:46:11 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to stop Fail2Ban jail: iptables: Too many links

Symptoms

Unable to stop Fail2Ban jails The following error can be found in /usr/log/fail2ban.log:

fail2ban.action         [3941]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-apache iptables -F f2b-apache
iptables -X f2b-apache -- stdout: ''
fail2ban.action         [3941]: ERROR   iptables -D INPUT -p tcp -m multiport --dports http,https,7080,7081 -j f2b-apache   iptables -F f2b-apache  iptables -X f2b-apache -- stderr: 'iptables: Too many links.\n'

There are duplicate rules enabled in iptables:

# iptables -L
f2b-apache  tcp  --  anywhere            anywhere            multiport dports http,https,empowerid,7081
f2b-apache  tcp  --  anywhere            anywhere            multiport dports http,https,empowerid,7081
f2b-apache  tcp  --  anywhere            anywhere            multiport dports http,https,empowerid,7081
f2b-apache  tcp  --  anywhere            anywhere            multiport dports http,https,empowerid,7081

There are different jails with the same name in action section, for example, apache and apache-1 jails:

action = iptables-multiport[name=apache, port="http,https,7080,7081"]
action = iptables-multiport[name=apache, port="http,https,7080,7081"]

Cause

This is an internal issue with ID #PPPM-5571, which is planned to be fixed in future product updates.

Resolution

As a workaround, change name values in action section so that all name sections are unique in Tools and Settings > Fail2Ban > Jails

Have more questions? Submit a request
Please sign in to leave a comment.