On 1/6/21 2:57 AM, Gary Stainburn wrote: > 2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR > 7f119e95f7f0 -- exec: ports="0:65535"; for p in $(echo $ports | tr ", > " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source > address='113.110.47.81' port port='$p' protocol='tcp' reject > type='icmp-port-unreachable'"; done > 2020-12-22 19:38:27,619 fail2ban.utils [1836]: ERROR > 7f119e95f7f0 -- stderr: 'Error: INVALID_PORT: 0:65535' See firewalld.richlanguage(5) The port port value can either be a single port number portid or a port range portid-portid. You'll need to also transform your ports with: tr : - ports="0:65535"; for p in $(echo $ports | tr : - | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='113.110.47.81' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done