On Fri, Sep 18, 2020 at 4:03 PM Robert Kudyba <[email protected]> wrote:

> Running Fedora 32, Fail2ban 0.11.1-10,
>
> my jail.local:
> [DEFAULT]
> bantime = 10800
> action = %(action_)s
> usedns = no
> mta = sendmail
> backend = auto
> banaction = firewallcmd-ipset
> port = 0-65535
> bantime.increment = true
> bantime.rndtime = 8m
> [sshd]
> enabled = true
> maxretry = 4
> filter = sshd[mode=aggressive]
>

I don't have nearly as complex a setup as you do, but I had to switch the
default configuration in fail2ban from ipset to rich rules because ipset
didn't work reliably with nftables, which is the default for Fedora 32 and
up (and EPEL 8 for that matter).

However, this default is set for you:

$ cat /etc/fail2ban/jail.d/00-firewalld.conf
# This file is part of the fail2ban-firewalld package to configure the use of
# the firewalld actions as the default actions.  You can remove this package
# (along with the empty fail2ban meta-package) if you do not use firewalld
[DEFAULT]
port = 0-65535
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]

So there's no reason to duplicate the system-wide settings.

Thanks,
Richard
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
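
An added example, not part of either message: a check that compares the [DEFAULT] keys of the jail.local quoted above against the packaged 00-firewalld.conf and separates plain duplicates from real overrides. It relies on fail2ban reading jail.d/*.conf before jail.local, so the jail.local value wins; the function names are hypothetical and both file bodies are copied from the thread.

```python
import configparser

# Settings from /etc/fail2ban/jail.d/00-firewalld.conf as shown in the thread.
PACKAGED = """\
[DEFAULT]
port = 0-65535
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]
"""

# The jail.local quoted in the thread.
JAIL_LOCAL = """\
[DEFAULT]
bantime = 10800
action = %(action_)s
usedns = no
mta = sendmail
backend = auto
banaction = firewallcmd-ipset
port = 0-65535
bantime.increment = true
bantime.rndtime = 8m
[sshd]
enabled = true
maxretry = 4
filter = sshd[mode=aggressive]
"""

def load_defaults(text):
    # interpolation=None keeps fail2ban's own %(name)s references literal.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp.defaults())

def compare(earlier, later):
    """Classify [DEFAULT] keys of `later` that also exist in `earlier`."""
    base, over = load_defaults(earlier), load_defaults(later)
    report = {"duplicate": {}, "override": {}}
    for key, value in over.items():
        if key not in base:
            continue  # only set locally, nothing to compare
        kind = "duplicate" if value == base[key] else "override"
        report[kind][key] = (base[key], value)
    return report

if __name__ == "__main__":
    for kind, hits in compare(PACKAGED, JAIL_LOCAL).items():
        for key, (packaged, local) in hits.items():
            print(f"{kind:9} {key}: packaged={packaged!r} local={local!r}")
```

For these two files, port is a duplicate, while banaction is an override that puts firewallcmd-ipset back in place of the packaged rich-rules action.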
