[CentOS] Semi-OT: fail2ban issue

Thu Oct 29 16:42:43 UTC 2015
m.roth at 5-cent.us <m.roth at 5-cent.us>

Tony Mountifield wrote:
> In article <1446132814771.22431 at slac.stanford.edu>,
> Eriksson, Thomas <thomas.eriksson at slac.stanford.edu> wrote:
>> This should probably be a bug report for the fail2ban EPEL maintainer,
>> the problem was introduced in version 0.9.3
>>
>> From the file /etc/fail2ban/action.d/iptables-common.conf
>> ...
>> # Option:  lockingopt
>> # Notes.:  Option was introduced to iptables to prevent multiple instances from
>> #          running concurrently and causing irratic behavior.  -w was introduced
>> #          in iptables 1.4.20, so might be absent on older systems
>> #          See https://github.com/fail2ban/fail2ban/issues/1122
>> # Values:  STRING
>> lockingopt = -w
>> ...
>>
>> Now, CentOS 6.7 has iptables 1.4.7 and the "wait" option does not seem
>> to have been backported by RedHat, so the EPEL package for EL6 should
>> probably not have this as the default.
>>
>> My workaround was to create a file
>> /etc/fail2ban/action.d/iptables-common.local that contains
>> ...
>> [Init]
>> lockingopt =
>> ...
>
> Looks like it has been fixed in the update fail2ban-0.9.3-1.el6.1
>
Thanks to Thomas, and I created the .local file. Thanks to Tony, and I
just updated fail2ban, checked iptables-common.conf, and then rm'd the
.local file.

        mark
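
The check discussed in this thread, as an added example that is not part of the original messages or of the fail2ban package: it decides from an `iptables --version` line whether `lockingopt = -w` is usable and prints the matching `iptables-common.local` body. The function names are hypothetical, the sample version lines are constructed, and a version comparison cannot see vendor backports.

```shell
#!/bin/sh
# Added example (not from the thread). 1.4.20 is the version named in the
# quoted iptables-common.conf comment as the first to support -w.
MIN_WAIT_VERSION="1.4.20"

# Extract "1.4.7" from a line such as "iptables v1.4.7".
parse_iptables_version() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= $2, comparing fields as integers
# (a plain string comparison would wrongly rank 1.4.7 above 1.4.20).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print "-w" when the reported version supports the wait option, else nothing.
# An unparseable version line is treated as "not supported".
lockingopt_for() {
    v=$(parse_iptables_version "$1")
    [ -n "$v" ] || return 0
    if version_ge "$v" "$MIN_WAIT_VERSION"; then printf '%s\n' '-w'; fi
    return 0
}

# Print the body of an iptables-common.local override for that version.
render_local_override() {
    opt=$(lockingopt_for "$1")
    printf '[Init]\nlockingopt =%s\n' "${opt:+ $opt}"
}

# Constructed sample lines in the format of `iptables --version`.
for line in "iptables v1.4.7" "iptables v1.4.21"; do
    printf '%s:\n' "$line"
    render_local_override "$line"
done
```

On a real host, pass `"$(iptables --version)"` to `render_local_override` and review the output before writing it to `/etc/fail2ban/action.d/iptables-common.local`.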