So I figured out the cause of most of the errors. Apparently protocol = all isn't compatible with firewalld-ipset, as it tries to pass "all" to iptables-restore, which isn't valid...
But there's still no ipset f2b-sshd loaded in firewalld:

# firewall-cmd --get-ipsets
blacklist

I just checked the chains directly but I'm still seeing warnings of already banned IPs

# iptables -S | grep INPUT_direct
-N INPUT_direct
-A INPUT -j INPUT_direct
-A INPUT_direct -p tcp -m multiport --dports 22 -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable

---

Of course gathering all the information I need for the email post I've figured a bunch of stuff out. I'm going to try firewalld-allports instead. I don't know why -ipset is default on Fedora.

Thanks,
Richard
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
