--On Friday, August 30, 2019 7:19 AM +0000 "STR ." <[email protected]>
wrote:
So you're saying this is the expected behavior? When does it use the
sub chain (fail2ban_root) specified in iptables-common.conf?
The .conf files should be considered pristine distribution files. Don't
edit them. (They should probably be put in /usr/lib/fail2ban so they can be
mounted read-only on more paranoid systems, similar to systemd unit files.)
To override default settings, you create a .local file of the same name.
The .conf file is read first and then any matching .local file is read to
override the first file's settings. More and more packages are taking this
approach to make it easier to upgrade and merge new settings into old
systems. You no longer have to watch for rpmnew files or their equivalent
in order to migrate new settings into your custom configuration.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
