I have fail2ban installed and working OK on CentOS 8 with one problem.
When I reboot the server, the fail2ban table isn't created so all attempts
to add bans generate errors like this:
NOTICE [postfix-sasl] Unban 51.83.71.72
#39-Lev. 7fabf99e3d50 -- exec: nft list chain inet fail2ban input | grep -q '@f2b-postfix-sasl[ \t]'
ERROR 7fabf99e3d50 -- returned 1
CRITICAL Unable to restore environment
I can manually resolve this with these commands (maybe only the second one
is needed):
nft add table inet fail2ban
nft -f /etc/nftables/fail2ban.conf
I suspect the problem is that /etc/nftables.conf is not loading (I believe
I had to create it but it's been a month now):
$ cat /etc/nftables.conf
include "/etc/nftables/fail2ban.conf"
$ cat /etc/nftables/fail2ban.conf
#!/usr/sbin/nft -f
# Use ip as fail2ban doesn't support ipv6 yet
table inet fail2ban {
    chain input {
        # Assign a high priority to reject as fast as possible and avoid more complex rule evaluation
        type filter hook input priority 100;
    }
}
I'm still learning my way around nftables. I can't find much information
searching the web and this mailing list, so part of the reason I'm creating
this thread is to document the solution once I've resolved it.
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
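Added example, not part of the original post and not fail2ban's own code: a small diagnostic that separates "the inet fail2ban table was never loaded" from "the table exists but the jail's set rule is missing", reusing the grep pattern from the logged check. The function name f2b_state and all sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify what fail2ban's check command would see.
# Table, chain and set names are the ones shown in the post.
TABLE_DECL='table inet fail2ban'

# f2b_state JAIL TABLES_TEXT CHAIN_TEXT
#   TABLES_TEXT: output of `nft list tables`
#   CHAIN_TEXT:  output of `nft list chain inet fail2ban input`
# Prints one of: no-table, no-set-rule, ok
f2b_state() {
    jail=$1; tables=$2; chain=$3
    if ! printf '%s\n' "$tables" | grep -qxF "$TABLE_DECL"; then
        echo no-table        # table never loaded: the state after reboot
    elif ! printf '%s\n' "$chain" | grep -q "@f2b-${jail}[ \t]"; then
        echo no-set-rule     # table exists, jail's rule is absent
    else
        echo ok              # same pattern as the logged check matches
    fi
}

# Live use (needs root and nft): sh script.sh --live postfix-sasl
if [ "${1:-}" = "--live" ]; then
    f2b_state "${2:?jail name required}" \
        "$(nft list tables 2>/dev/null)" \
        "$(nft list chain inet fail2ban input 2>/dev/null)"
    exit 0
fi

# Constructed sample outputs, not captured from a real host.
TABLES_AFTER_REBOOT='table inet firewalld'
TABLES_LOADED='table inet firewalld
table inet fail2ban'
CHAIN_EMPTY='table inet fail2ban {
	chain input {
		type filter hook input priority 100; policy accept;
	}
}'
CHAIN_WITH_RULE='table inet fail2ban {
	chain input {
		type filter hook input priority 100; policy accept;
		ip saddr @f2b-postfix-sasl reject
	}
}'

echo "after reboot:   $(f2b_state postfix-sasl "$TABLES_AFTER_REBOOT" "")"
echo "table, no rule: $(f2b_state postfix-sasl "$TABLES_LOADED" "$CHAIN_EMPTY")"
echo "fully set up:   $(f2b_state postfix-sasl "$TABLES_LOADED" "$CHAIN_WITH_RULE")"
```

A result of no-table right after boot means the ruleset file was not loaded at startup, which is the condition the two manual nft commands in the post repair.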