Hello list! I’m still dealing with various issues setting up Fail2Ban with Asterisk on CentOS7. I’m wondering if many people (or any at all) use FirewallD?
http://sourceforge.net/p/fail2ban/mailman/message/34077735/

I did make some progress though. I started to run each of the firewallcmd-ipset commands individually, read manuals, etc. And I found some issues. Not sure where and how it needs to be fixed for the future:

#1. ipset needs to be enabled in firewalld. In my base CentOS7 install it wasn’t. It behaves like there is no issue and the commands run, but nothing happens.

    # Is IPsec enabled?
    firewall-cmd --zone=public --query-service=ipsec
    # No? Then enable it:
    firewall-cmd --zone=public --add-service=ipsec
    # and next reboot too:
    firewall-cmd --permanent --zone=public --add-service=ipsec

#2. jail.local’s bantime parameter DOES NOT control ipset’s ban time. A change needs to be made also to action.d/firewallcmd-ipset.conf (or I guess local). It’s not plug and play with the main setting. When I changed the main bantime, F2B was thinking and processing correctly (I did 86400), but the actual ban was for the 600 set in the action config, and I was getting “already banned” after 10 minutes.

#3. Even though it mainly works now, there are still errors in the log on system reboot (see link to original message above). I’m pretty sure it is related to the fact that the machine is rebooting. It’s not a problem on “systemctl restart fail2ban”.

And finally, I wonder why there is no Action for pure firewalld-cmd? There are rich rules that can be added and removed in a very similar/simple way. I was using them manually and they work great. At least for plain IP banning. Is it because firewallD is pretty new, or was there a problem using it in such a way?

P.S. I think there is 1 more rule missing for Asterisk, as I see it’s trying to ban my own internal IP (which I excluded, but it’s more of the rule problem).

Ivan
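
Added example, not part of the original post or of Fail2Ban's own code: a check for the mismatch described in point #2, comparing a jail's bantime with the value carried by the action file. It assumes the action stores its value as `bantime` under `[Init]` (the post only says the 600 is set in the action config) and that a `.local` file overrides the `.conf`; the file contents are constructed samples.

```python
import configparser

# Constructed sample files (not from the post): jail.local asks for a
# one-day ban while the action file still carries a 600-second value.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
bantime = 86400
banaction = firewallcmd-ipset

[asterisk]
enabled = true
"""
SAMPLE_ACTION_CONF = "[Init]\nbantime = 600\n"
SAMPLE_ACTION_LOCAL = "[Init]\nbantime = 86400\n"


def _parse(text):
    # interpolation=None: action files contain % and <tag> placeholders
    # that must not be expanded by configparser.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def action_bantime(conf_text, local_text=None):
    """Effective [Init] bantime of the action; .local overrides .conf."""
    value = None
    for text in (conf_text, local_text):
        if text is None:
            continue
        cp = _parse(text)
        if cp.has_option("Init", "bantime"):  # assumed key name
            value = cp.getint("Init", "bantime")
    return value


def check_jail(jail_text, jail, conf_text, local_text=None):
    """Return (jail_bantime, ipset_timeout, consistent) for one jail."""
    cp = _parse(jail_text)
    jail_ban = cp.getint(jail, "bantime")  # falls back to [DEFAULT]
    ipset_ban = action_bantime(conf_text, local_text)
    # A shorter ipset timeout drops the entry while the jail still counts
    # the address as banned. None: the action sets no value of its own.
    return jail_ban, ipset_ban, ipset_ban is None or ipset_ban >= jail_ban


if __name__ == "__main__":
    print(check_jail(SAMPLE_JAIL_LOCAL, "asterisk", SAMPLE_ACTION_CONF))
    print(check_jail(SAMPLE_JAIL_LOCAL, "asterisk",
                     SAMPLE_ACTION_CONF, SAMPLE_ACTION_LOCAL))
```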
