Got this sh*t in my error logs…
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-fakegooglebot src -j REJECT --reject-with icmp-port-unreachable -- killed with signal 124 (return code: 252)
2017-07-08 21:26:11,212 fail2ban.actions [3781]: ERROR Failed to start jail 'apache-fakegooglebot' action 'firewallcmd-ipset': Error starting action
2017-07-08 21:26:11,416 fail2ban.action [3781]: ERROR ipset create fail2ban-apache-modsecurity hash:ip timeout 6000
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http,https -m set --match-set fail2ban-apache-modsecurity src -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
Solution? Let’s set banaction to iptables! 🙂
# Override /etc/fail2ban/jail.d/00-firewalld.conf
# (for example from /etc/fail2ban/jail.local, which is read after jail.d/*.conf):
[DEFAULT]
banaction = iptables-multiport
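A jail whose action fails to start is not banning anything, so it is worth checking the log for it after any banaction change. The following is an added example, not part of the original post: it scans fail2ban log lines for the "Failed to start jail" error shown above and pairs it with the preceding "killed with signal" detail. The function name and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the "Failed to start jail" error format shown in the log above.
FAILED_START = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"fail2ban\.actions\s+\[(?P<pid>\d+)\]: ERROR\s+"
    r"Failed to start jail '(?P<jail>[^']+)' action '(?P<action>[^']+)'"
)
# Command failure detail: "-- killed with signal N (return code: M)".
KILLED = re.compile(
    r"-- killed with signal (?P<sig>\d+) \(return code: (?P<rc>\d+)\)"
)


def failed_jails(lines):
    """Return {jail: [(timestamp, action, (signal, rc) or None), ...]}."""
    result = defaultdict(list)
    last_killed = None  # detail from the most recent killed command, if any
    for line in lines:
        killed = KILLED.search(line)
        if killed:
            last_killed = (int(killed["sig"]), int(killed["rc"]))
            continue
        failed = FAILED_START.match(line)
        if failed:
            result[failed["jail"]].append(
                (failed["ts"], failed["action"], last_killed)
            )
            last_killed = None  # consume the detail once it is attributed
    return dict(result)


# First two lines are taken from the log above; the third is constructed.
SAMPLE = [
    "firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport "
    "--dports http,https -m set --match-set fail2ban-apache-fakegooglebot src "
    "-j REJECT --reject-with icmp-port-unreachable "
    "-- killed with signal 124 (return code: 252)",
    "2017-07-08 21:26:11,212 fail2ban.actions [3781]: ERROR Failed to start "
    "jail 'apache-fakegooglebot' action 'firewallcmd-ipset': Error starting action",
    "2017-07-08 21:26:12,000 fail2ban.jail [3781]: INFO Jail 'sshd' started",
]

if __name__ == "__main__":
    for jail, events in failed_jails(SAMPLE).items():
        for ts, action, detail in events:
            print(f"{ts} jail={jail} action={action} killed={detail}")
```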