Messages - Othvez

#1
Quote from: raywan on June 12, 2026, 09:00:00 AM
Regarding my last Maltrail fail2ban connection problem, I have manually added two lines, FAIL2BAN_ALLOWLIST 127.0.0.1 & FAIL2BAN_ALLOWLIST 192.168.1.1/24, into /usr/local/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf to resolve the fail2ban connection problem.
https://forum.opnsense.org/index.php?topic=52066.msg268118#msg268118
However, it only works for a few hours, then a lot of error messages appear as below. I would like to confirm that Maltrail is working so far, and I can access the fail2ban list from my PC without any problem. I have tried restarting all the services and rebooting the firewall. It doesn't help to solve the connection problem.
2026-06-12T12:54:00  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:54:00  Error  firewall  error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:48:45  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:48:45  Error  firewall  error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:42:02  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:42:02  Error  firewall  error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:37:03  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:37:03  Error  firewall  error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:32:01  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:32:01  Error  firewall  error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:27:00  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:27:00  Error  firewall  error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:22:01  Error  firewall  alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)

The errors suggest that the issue is no longer fail2ban access itself, but that the Maltrail service listening on 127.0.0.1:8338 is stopping or crashing intermittently. Since the alias works for a while and then starts returning "Connection refused", I'd check whether the Maltrail sensor/server process is still running when the errors occur and review the Maltrail logs around that time. It may be worth investigating why the service on port 8338 is terminating rather than focusing on the allowlist configuration.
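The distinction made in this reply, shown as an added example that is not from either poster or from the OPNsense/Maltrail projects: fetch the alias URL the same way the firewall does and separate "nothing is bound to the port" (Connection refused, the error in the log above) from "Maltrail answers but rejects the request" (an HTTP error such as 403, which is what an allowlist problem would look like). The stub server, its blocklist entries and the unused-port trick are constructed so the script runs offline; against the real box you would call classify_fetch(ALIAS_URL) from the OPNsense shell while the alias errors are appearing.

```python
"""Probe the Maltrail endpoint an OPNsense URL alias fetches and classify the failure."""
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ALIAS_URL = "http://127.0.0.1:8338/fail2ban"  # the URL from the alias error messages


def port_listening(host: str, port: int, timeout: float = 2.0) -> bool:
    """TCP-level check: is any process accepting connections on host:port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_fetch(url: str, timeout: float = 3.0) -> tuple[str, str]:
    """Fetch url like the alias resolver does and name the failure class.

    'ok'          HTTP 200 with a body (the alias would resolve)
    'http_error'  a server answered but refused (e.g. 403: allowlist/auth problem)
    'refused'     TCP connection refused: nothing bound to the port (service down)
    'timeout'     port reachable but no answer in time
    'other'       anything else (reset, DNS, ...)
    """
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode(errors="replace")
            return "ok", f"HTTP {resp.status}, {len(body.splitlines())} entries"
    except urllib.error.HTTPError as exc:
        return "http_error", f"HTTP {exc.code}"
    except urllib.error.URLError as exc:
        # urllib wraps the socket-level OSError as URLError(reason)
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused", str(exc.reason)
        if isinstance(exc.reason, socket.timeout):
            return "timeout", str(exc.reason)
        return "other", str(exc.reason)
    except socket.timeout as exc:  # read timeout after a successful connect
        return "timeout", str(exc)


class _StubMaltrail(BaseHTTPRequestHandler):
    """Constructed stand-in for Maltrail's HTTP server (not Maltrail code):
    /fail2ban is served, any other path gets 403 like a rejected request."""
    BLOCKLIST = b"203.0.113.7\n198.51.100.9\n"  # constructed sample entries

    def do_GET(self):
        if self.path == "/fail2ban":
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(self.BLOCKLIST)))
            self.end_headers()
            self.wfile.write(self.BLOCKLIST)
        else:
            self.send_error(403)

    def log_message(self, *args):  # keep the demo output clean
        pass


def start_stub(host: str = "127.0.0.1") -> HTTPServer:
    srv = HTTPServer((host, 0), _StubMaltrail)  # port 0: let the OS pick a free one
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def unused_port(host: str = "127.0.0.1") -> int:
    """A port nothing listens on, to reproduce 'Connection refused'."""
    with socket.socket() as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv = start_stub()
    host, port = srv.server_address[:2]
    print("service up       :", classify_fetch(f"http://{host}:{port}/fail2ban"))
    print("service refuses  :", classify_fetch(f"http://{host}:{port}/other"))
    dead = unused_port()
    print("service down     :", port_listening(host, dead),
          classify_fetch(f"http://{host}:{dead}/fail2ban"))
    srv.shutdown()
```

If the real probe returns 'refused' at the moment the firewall logs the alias error, the Maltrail process is not running at all and the allowlist is irrelevant; 'http_error' or 'timeout' would point back at Maltrail's own configuration instead.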
#2
Quote from: fab on April 05, 2026, 04:37:22 PMHello dear forum. I'm trying to migrate to the new dnsmasq DNS/DHCP server at the moment. But I have a strange problem, that if upstream [WAN] changes the delegated /56 prefix (when restarting the router for example), my WHOLE network accumulates these new addresses without invalidating the old defunct IPv6 addresses and the servers and workstations still try to use these invalid addresses, which of course ends with an error. And I can't test this without completely restarting my router. I still haven't found an option to trigger this dnsmasq functionality without restarting my router (sorry for being such a noob). It worked flawlessly with the old ISC dhcp server, and the old addresses were invalidated properly. I'm really frustrated, because I have no idea why this is happening. The only thing I can do if upstream [WLAN] disconnects (through a reboot of OpnSense), is restart all my servers and workstations, to get a good set of IPv6 addresses until [WLAN] goes down again.

And there's another problem (doodle jump which many people seem to have according to google). On some machines there are still "valid" IPv6 addresses which have a lifetime of 24h and I can't get rid of them.

I can't give much of logs (there aren't many informative messages anyway), but I hope someone can help me anyway. But please be a little patient, I'm not dumb, but this kind of problem is completely new to me and IPv6 is really complicated. On one side I want the new functionality (if it worked) and on the other side my old setup with ISC dhcp worked as expected (I have 7 VLANs which worked flawlessly).

Thanks a lot,
fab
This sounds like stale RA lifetimes rather than dnsmasq itself; clients keep old prefixes until they expire. Have you checked whether your RA settings properly deprecate old prefixes, or tried lowering the valid/preferred lifetimes?
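The mechanism this reply refers to, as an added example that is not from either poster or from dnsmasq: a small model of how a SLAAC host applies prefix lifetimes from Router Advertisements (RFC 4862 section 5.5.3). It shows why an address from a prefix that is simply no longer advertised stays around for its full valid lifetime, what advertising that prefix with lifetime 0 changes, and the 2-hour floor that keeps a host from dropping the address immediately. The prefixes, the reboot timing and the 86400/14400 second lifetimes are constructed (those two values are common router defaults, so check what your RA daemon actually sends); the model applies a single RA after the change, whereas a real router keeps re-advertising the new prefix. Whether a given router actually emits a lifetime-0 option for a withdrawn prefix is implementation-specific and not something this example settles.

```python
"""Model of RFC 4862 5.5.3 lifetime handling for SLAAC addresses (constructed example)."""
from dataclasses import dataclass

TWO_HOURS = 7200  # RFC 4862 5.5.3(e): an unauthenticated RA cannot cut the
                  # remaining valid lifetime below this

OLD_PREFIX = "2001:db8:aa00:1::/64"  # constructed: prefix before the router reboot
NEW_PREFIX = "2001:db8:bb00:1::/64"  # constructed: prefix delegated afterwards


@dataclass
class SlaacAddr:
    prefix: str
    valid_until: int
    preferred_until: int

    def state(self, now: int) -> str:
        if now < self.preferred_until:
            return "preferred"   # usable as source address for new connections
        if now < self.valid_until:
            return "deprecated"  # kept for existing connections only
        return "invalid"         # removed from the interface


class SlaacHost:
    def __init__(self):
        self.addrs: dict[str, SlaacAddr] = {}

    def receive_ra(self, now: int, prefixes, authenticated: bool = False) -> None:
        """prefixes: iterable of (prefix, valid_lifetime, preferred_lifetime) options."""
        for prefix, valid, preferred in prefixes:
            addr = self.addrs.get(prefix)
            if addr is None:
                if valid > 0:  # new prefix: autoconfigure an address
                    self.addrs[prefix] = SlaacAddr(prefix, now + valid, now + preferred)
                continue
            addr.preferred_until = now + preferred  # preferred is always taken as advertised
            remaining = addr.valid_until - now
            if valid > TWO_HOURS or valid > remaining:
                addr.valid_until = now + valid
            elif remaining <= TWO_HOURS and not authenticated:
                pass  # ignore the option: cannot shorten any further
            else:
                addr.valid_until = now + TWO_HOURS  # clamp to the 2-hour floor

    def states(self, now: int) -> dict:
        return {p: a.state(now) for p, a in self.addrs.items()}


def prefix_change(deprecate_old: bool, valid: int = 86400, preferred: int = 14400,
                  t_change: int = 600) -> SlaacHost:
    """Router advertises OLD_PREFIX, reboots, then advertises NEW_PREFIX; optionally
    it also advertises OLD_PREFIX with both lifetimes 0 (explicit deprecation)."""
    host = SlaacHost()
    host.receive_ra(0, [(OLD_PREFIX, valid, preferred)])
    new_ra = [(NEW_PREFIX, valid, preferred)]
    if deprecate_old:
        new_ra.append((OLD_PREFIX, 0, 0))
    host.receive_ra(t_change, new_ra)
    return host


if __name__ == "__main__":
    h = prefix_change(deprecate_old=False)
    print("no deprecation, 1h after change :", h.states(3600))
    print("no deprecation, preferred expired:", h.states(14401))
    print("no deprecation, 24h later        :", h.states(86400))
    h = prefix_change(deprecate_old=True)
    print("deprecated, 1s after change      :", h.states(601))
    print("deprecated, 2h after change      :", h.states(600 + TWO_HOURS))
```

Two things follow from running it: without an explicit lifetime-0 advertisement the old address stays preferred for the whole preferred lifetime (4 hours here) and valid for 24 hours, which is the accumulation described in the question; with it the address is deprecated at once but still valid for up to 2 hours, so shorter preferred lifetimes are what limit how long hosts keep sourcing traffic from a dead prefix.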
#3
Look into the command the active-response is running and ensure it is formatted correctly. You might need to add additional logging within the script to ensure it's being executed properly.
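The logging this reply suggests, as an added example that is not from the poster or from any particular active-response framework: a wrapper that records exactly how the command was invoked (each argv element on its own, working directory, uid, the stdin payload size) and what it returned, then passes the exit code through. Logging argv element by element is the point: a response command configured as one quoted string arrives as a single element, which is the usual reason the real script never runs. The log path, the wrapped commands and the sample alert payload are assumptions; the wrapper assumes a Unix host.

```python
"""Logging wrapper for an active-response command (constructed example)."""
import json
import os
import subprocess
import sys
import tempfile
import time

DEFAULT_LOG = "/tmp/active-response-debug.log"  # assumed location
PYTHON = sys.executable  # used below to run harmless stand-in commands


def _log(path: str, record: dict) -> None:
    record["ts"] = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record) + "\n")


def run_logged(argv: list, stdin_data: bytes = b"", timeout: float = 30.0,
               log_path: str = DEFAULT_LOG) -> int:
    """Run argv with stdin_data on stdin, log the invocation and the outcome,
    and return the command's exit code (127 if not found, 124 on timeout)."""
    _log(log_path, {"event": "start", "argv": list(argv), "cwd": os.getcwd(),
                    "uid": os.getuid() if hasattr(os, "getuid") else None,
                    "stdin_bytes": len(stdin_data)})
    try:
        proc = subprocess.run(argv, input=stdin_data, capture_output=True, timeout=timeout)
    except FileNotFoundError as exc:
        _log(log_path, {"event": "end", "rc": 127, "error": f"not found: {exc.filename}"})
        return 127
    except subprocess.TimeoutExpired:
        _log(log_path, {"event": "end", "rc": 124, "error": f"timeout after {timeout}s"})
        return 124
    _log(log_path, {"event": "end", "rc": proc.returncode,
                    "stdout_tail": proc.stdout[-200:].decode(errors="replace"),
                    "stderr_tail": proc.stderr[-200:].decode(errors="replace")})
    return proc.returncode


def read_log(path: str = DEFAULT_LOG) -> list:
    """Return the logged records as dicts, oldest first."""
    with open(path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]


def new_log_path() -> str:
    """A fresh temporary log file, for trying the wrapper without touching DEFAULT_LOG."""
    fd, path = tempfile.mkstemp(prefix="ar-debug-", suffix=".log")
    os.close(fd)
    return path


if __name__ == "__main__":
    log = new_log_path()
    alert = b'{"alert": 1}'  # constructed stand-in for the alert the framework pipes in
    # a command that only succeeds if it received something on stdin
    run_logged([PYTHON, "-c", "import sys; sys.exit(0 if sys.stdin.read() else 5)"],
               stdin_data=alert, log_path=log)
    # the classic misconfiguration: the whole command line passed as one argument
    run_logged(["/usr/local/bin/block-ip.sh add 203.0.113.7"], log_path=log)
    for rec in read_log(log):
        print(rec)
```

Reading the log back, the second invocation shows argv as a single element and rc 127, which is what to look for when the response seems to never fire; a start record with no matching end record means the command hung past the timeout or the wrapper itself was killed.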