From c3fdd03e1b54c8d4f190d7b4b8ec5bf9756acd9d Mon Sep 17 00:00:00 2001
From: limuthu123 <168603554+limuthu123@users.noreply.github.com>
Date: Sun, 31 May 2026 12:37:33 +0530
Subject: [PATCH] ufw: fix fail2ban logs error when using kill-mode=conntrack
Ignore exit code 1 from conntrack -D and ss -K (no entries deleted) and skip kill commands during restoration.
---
 config/action.d/ufw.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
index 060093a0..e77b7df9 100644
--- a/config/action.d/ufw.conf
+++ b/config/action.d/ufw.conf
@@ -39,8 +39,8 @@ kill-mode =
 # intern conditional parameter used to provide killing mode after ban:
 _kill_ =
-_kill_ss = ss -K dst "[]"
-_kill_conntrack = conntrack -D -s ""
+_kill_ss = if [ "" != "1" ]; then ss -K dst "[]" || [ $? -eq 1 ]; fi
+_kill_conntrack = if [ "" != "1" ]; then conntrack -D -s "" || [ $? -eq 1 ]; fi
 # Option: kill
 # Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
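Review bot: The `|| [ $? -eq 1 ]` guard on the new `_kill_ss` and `_kill_conntrack` lines accepts every exit status 1, not only the "no entries deleted" case named in the commit message. As far as I know conntrack also returns 1 for general operation failures (a netlink or permission error, for instance), so a ban could be reported as successful while the banned address keeps its established flows; that is worth confirming against the tool's exit codes. At minimum the trade-off should be recorded above the two lines, e.g. `# exit status 1 (nothing matched) is treated as success; a real failure with the same status is not distinguishable here`, and the kill-mode notes should say that connections are not killed for bans re-applied on restore. As rendered on this page the test reads `[ "" != "1" ]`, presumably because the tag between the quotes (likely `<restored>`) was lost in extraction, so the committed line should be checked to carry it.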