I've been using shorewall and fail2ban for a while now, but nftables is soon replacing iptables, so it's time to consider some options.
Apparently fail2ban already supports nftables, but shorewall doesn't and won't - https://shorewall-users.narkive.com/aujuSpJ1/nftables-on-the-roadmap

My main problem with fail2ban is that it fails to ban. Or rather it does ban, for that one rule I wrote myself, but not for any of the built-in rules, but then it releases the ban, even though I have told shorewall to ban that particular IP. So the IP ends up being unbanned, coz fail2ban says so. Yes, I'm aware you can configure fail2ban to shift from temporary to permanent bans for persistent rule breakers. Would be good if the built-in rules actually worked. Right now there's a particular IP hitting that one rule, and no matter what I do, even completely zapping fail2ban's database and leaving it turned off, that IP keeps bypassing my firewall somehow.

So I'll eventually need a replacement for shorewall anyway, and I'd like something similar to fail2ban that doesn't fail to ban. So the two replacements have to get along with each other. None of this "bad IP can get through coz the two fight over it" bullshit.

This has to run on my servers and desktop, so no GUI. I'm an experienced sysadmin, text config is good.

Any suggestions?

-- 
A big old stinking pile of genius that no one wants coz there are too many silver coated monkeys in the world.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
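The conflict the post describes (a temporary-ban tool releasing an address that was meant to be banned permanently) comes from both tools managing the same rule. With nftables the clean split is two sets: a permanent blocklist that the ban tool never deletes from, and a timeout set that only the ban tool touches. The ruleset below is an added example, not the poster's configuration and not fail2ban's or shorewall's own nftables code (fail2ban's nftables action keeps its bans in a table of its own; its names are not assumed here). The table, set and chain names, the open ports, and the sample addresses (TEST-NET ranges) are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: one table, two ban sets, permanent list checked first.
# Names (inet filter, permban, tempban, input) and ports are assumed.

table inet filter {
    # Permanent blocklist. No timeout flag, so entries never expire;
    # add to it by hand or from a script, never from the ban tool.
    set permban {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }    # constructed sample entry (TEST-NET-1)
    }

    # Temporary bans. Entries carry their own timeout and expire on their
    # own; the ban tool adds here and only ever deletes from here.
    set tempban {
        type ipv4_addr
        flags timeout
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Permanent list first: deleting the same address from tempban
        # (an unban by the ban tool) cannot release it from here.
        ip saddr @permban counter drop
        ip saddr @tempban counter drop

        tcp dport { 22, 80, 443 } accept
        icmp type echo-request accept
    }
}
```

Loading this with `nft -f <file>`, a temporary ban is `nft add element inet filter tempban { 198.51.100.7 timeout 1h }`, and the corresponding unban `nft delete element inet filter tempban { 198.51.100.7 }` only touches that set. Promoting a repeat offender is `nft add element inet filter permban { 198.51.100.7 }`; from then on the `@permban` rule matches before `@tempban` is ever consulted, so whatever the temporary tool does to its own set, the address stays dropped. `nft list set inet filter tempban` shows the remaining timeout on each entry, which is the quickest way to confirm the two sets are not fighting over an address.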