>
> Yes I reported this issue on a Bugzilla for Red Hat/Fedora at
>> https://bugzilla.redhat.com/show_bug.cgi?id=1823746
>>
>
> I know, hence my post here to try and find a solution :)
>
>
>
>> Is there a way to cover this for both situations?
>>>
>>
>> Just to use jail.local to override it--and do not use "all" or "anyport"
>> for the "port" option. You might also have to manually or via rpmconf -a
>> change the /etc/fail2ban/jail.d/00-firewalld.conf file after updating
>> to fail2ban-0.11.1-6
>>
>
> No need for rpmconf, if you modify the file it's marked %config(noreplace)
> in the spec file, the new file will be created as <original>.rpmnew
>

Sure can do it either way, rename the .rpmnew file or use rpmconf -a

>
> I just changed the port entry from to use the hyphen instead and it seemed
> to work fine.
>
>
>
>> As described in the BZ entry, I'm struggling with getting the recidive
>> jail to work with firewalld-rich-rules. I had to go back to the iptables
>> option.
>>
>
> Part of the problem is I have no idea what recidive is, but it looks like
> in your configuration it may be trying to use iptables? I don't think mixed
> modes are going to work.
>

Yes I switched back to iptables as even the fix doesn't seem to work on the
recidive jail. recidive allows "permanent" blocking of an IP by repeat
offenders and by setting bantime to -1 (which means permanently rather than
say, 10 minutes).


> I have no plans to change it back but I will work to find a solution. The
> firewalld-ipset config was completely broken and ssh is a very important
> jail to have working.
>

There is also a progressive ban, e.g., bantime.increment, see the
description in Git
<https://github.com/fail2ban/fail2ban/pull/1460/files#diff-04e245e7ddfd46056df5e124cd8d5c11R47>.
I haven't tested this yet.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
