Control: tags -1 moreinfo

On 5/8/20 1:03 AM, Artur Pydo wrote:
> nft insert rule inet filter input tcp dport \{ smtp,465,submission,imap,imaps,pop3,pop3s \}

I cannot reproduce this. The same rule worked here:

=== 8< ===
arturo@endurance:~$ sudo nft insert rule inet filter input tcp dport \{ smtp,465,submission,imap,imaps,pop3,pop3s \}

arturo@endurance:~$ sudo nft -S list ruleset
table inet filter {
        chain input {
                type filter hook input priority filter; policy accept;
                tcp dport { "smtp", "pop3", "imap2", "submissions", "submission", "imaps", "pop3s" }
[...]
=== 8< ===

This is my services file:

=== 8< ===
arturo@endurance:~$ grep imap /etc/services
imap2           143/tcp         imap            # Interim Mail Access P 2 and 4
imaps           993/tcp                         # IMAP over SSL
=== 8< ===


I wonder if fail2ban is wrapping the call to the nft binary in a way that
prevents it from doing the getaddrinfo() call. This seems unlikely anyway.
