On 9/23/2020 10:26 AM, Richard Shaw wrote:
Long story short (for anyone else that finds this thread later), for Fedora 31 / EL 7 or older, ipset seems to work best. For Fedora 32 and EL 8 and higher, you need to use rich rules as both releases switched to nftables by default.
That reminds me: Mike's iptables dump shows rules from firewalld, but he's using the iptables-multiport action for fail2ban. firewallcmd-ipset should be a better choice for integrating with firewalld. It invokes firewallcmd to insert the fail2ban rules into iptables so firewalld will be aware of them.
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
