Package: nftables
Version: 0.9.0-2
Severity: normal

Dear Maintainer,

While setting fail2ban with nftables (with default /etc/nftables.conf) the
firewall initialization command failed on fail2ban start:

    nft insert rule inet filter input tcp dport \{ smtp,465,submission,imap,imaps,pop3,pop3s \} ip saddr @f2b-postfix-sasl reject

failed with the following error:

    Error: Could not resolve service: Servname not found in nft services list

The error was related to the 'imap' service. However, in /etc/services the
imap service is defined as follows:

    imap2 143/tcp imap # Interim Mail Access P 2 and 4

This service's main name is 'imap2' and there is also an alias set to 'imap'.
It seems that nft does not take this service alias into account.

Replacing 'imap' with 'imap2' solved the nft problem:

    nft insert rule inet filter input tcp dport \{ smtp,465,submission,imap2,imaps,pop3,pop3s \} ip saddr @f2b-postfix-sasl reject

Please note that to solve this problem in fail2ban, one has to change the
default ports list in jail.local.

Example of working /etc/fail2ban/jail.local:

    [DEFAULT]
    banaction = nftables-multiport
    banaction_allports = nftables-allports

    [postfix-sasl]
    enabled = true
    port = smtp,465,submission,imap2,imaps,pop3,pop3s

    [dovecot]
    enabled = true
    port = pop3,pop3s,imap2,imaps,submission,465,sieve

One may expect to have the imap service resolved in nft and to have a default
working configuration in fail2ban.

Thanks for your attention.

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  dpkg          1.19.7
ii  libc6         2.28-10
ii  libgmp10      2:6.1.2+dfsg-4
ii  libjansson4   2.12-1
ii  libnftables0  0.9.0-2
ii  libreadline7  7.0-5

nftables recommends no packages.

nftables suggests no packages.

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information
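
Added example (not part of the original report, and not code from nftables or fail2ban): a check that rewrites a fail2ban "port =" list so it uses only primary /etc/services names, which is the manual fix described in the report. It assumes, as the report observed, that nft 0.9.0 rejects alias names; the function names and the sample services text are constructed for illustration.

```python
# Added example; assumption taken from the report: nft 0.9.0 accepts only the
# primary name of an /etc/services entry, not its aliases.

# Constructed sample in /etc/services format; the imap2 line follows the report.
SAMPLE_SERVICES = """\
smtp            25/tcp          mail
pop3            110/tcp         pop-3
imap2           143/tcp         imap    # Interim Mail Access P 2 and 4
submission      587/tcp
imaps           993/tcp
pop3s           995/tcp
"""

def parse_services(text, proto="tcp"):
    """Return (primary_names, {alias: primary}) for one protocol."""
    primaries, aliases = set(), {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        if fields[1].split("/", 1)[1] != proto:
            continue
        primaries.add(fields[0])
        for alias in fields[2:]:
            aliases.setdefault(alias, fields[0])
    return primaries, aliases

def normalize_ports(port_list, services_text, proto="tcp"):
    """Rewrite a comma-separated port list to use primary service names.

    Returns (new_list, replaced, unresolved): replaced holds (alias, primary)
    pairs, unresolved holds names absent from services_text (left unchanged).
    """
    primaries, aliases = parse_services(services_text, proto)
    out, replaced, unresolved = [], [], []
    for item in (p.strip() for p in port_list.split(",")):
        if not item:
            continue
        if item[0].isdigit() or item in primaries:
            out.append(item)  # numeric port/range or primary name
        elif item in aliases:
            out.append(aliases[item])
            replaced.append((item, aliases[item]))
        else:
            out.append(item)
            unresolved.append(item)
    return ",".join(out), replaced, unresolved

if __name__ == "__main__":
    with open("/etc/services") as fh:
        print(normalize_ports("smtp,465,submission,imap,imaps,pop3,pop3s", fh.read()))
```

Running it against a jail's port list before fail2ban starts shows which names would need replacing in jail.local; entries reported as unresolved are not defined for that protocol in the services text at all.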