Fail2Ban - Iptables - Set does not exist

Solution 1:

The ipset command requires IP SET support in the kernel. Specifically, you would be looking for the following settings:

CONFIG_IP_SET=m
CONFIG_IP_SET_HASH_IP=m

And it seems that your kernel is built without ipset support, or at the least, it cannot find these modules. Solve that issue and your error should go away.

Try running find /lib/modules/$(uname -r) -name ip_set.ko to see if your current kernel supports them, and also find /lib/modules -name ip_set.ko to see if any of the installed kernels support them.

If you need more help, you would have to tell us:

  1. What version of CentOS you are using
  2. What kernel you are running
  3. How you installed fail2ban (from the EPEL repository or manually?)

I should also note that the version of ipset reported in your question (6.19) is what CentOS 7 comes with, so if you are using the original kernel and fail2ban from the EPEL repo everything should just work.

CentOS 6.5 also has support for ip sets and fail2ban is available in EPEL for CentOS 6. These should also work fine.

However, if you are running CentOS 5, then you are likely out of luck. You may have some luck building the modules that ipset comes with, but I am not sure the CentOS 5 kernel is supported at all. If you actually managed to pull that off, and later upgraded the kernel, then it is just a matter of rebuilding the modules for the new kernel.
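
The checks from the answer above, combined into one script as an added example (not part of the original answer). It assumes the kernel config file is at /boot/config-$(uname -r), as on CentOS; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does a given kernel have ipset support that fail2ban's
# ipset-based iptables actions can use? Paths are parameters so any installed
# kernel can be checked, not only the running one.

# Print y, m or "unset" for one CONFIG_ option in a kernel config file.
config_value() {  # $1 = config file, $2 = option name
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" 2>/dev/null | head -n 1)
    echo "${v:-unset}"
}

# Succeed if the module file exists under the modules tree.
# Some distributions ship compressed modules (e.g. ip_set.ko.xz), so match both.
module_present() {  # $1 = modules dir, $2 = module name
    [ -n "$(find "$1" \( -name "$2.ko" -o -name "$2.ko.*" \) 2>/dev/null | head -n 1)" ]
}

# Report the first missing piece, or confirm support. Returns non-zero on failure.
ipset_support() {  # $1 = kernel config file, $2 = modules dir for that kernel
    for opt in CONFIG_IP_SET CONFIG_IP_SET_HASH_IP; do
        case "$opt" in
            CONFIG_IP_SET) mod=ip_set ;;
            *)             mod=ip_set_hash_ip ;;
        esac
        case "$(config_value "$1" "$opt")" in
            y) ;;  # built into the kernel image, no .ko file expected
            m) module_present "$2" "$mod" || {
                   echo "$opt=m but $mod.ko not found under $2"
                   return 1
               } ;;
            *) echo "$opt is not enabled in $1"
               return 1 ;;
        esac
    done
    echo "ipset supported"
}

# Usage on the running kernel (config path is an assumption, see above):
#   ipset_support "/boot/config-$(uname -r)" "/lib/modules/$(uname -r)"
```
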