On 3 April 2017 at 18:53, Dave Macias <dav...@gmail.com> wrote:
> Thank you for replying!
>
> Yes, the system can use iptables... But to answer the question more
> clearly we have firewalld which to my understanding manages iptables.
> With the current fail2ban setup we use the
> actionban firewalldcmd-ipset.conf
> <https://github.com/fail2ban/fail2ban/blob/0.10/config/action.d/firewallcmd-ipset.conf>
> which uses `ipset` to do the literal ban. The fail2ban-systemd installed adds the
> 00-firewalld.conf jail, which has
>
> > [DEFAULT]
> > banaction = firewallcmd-ipset
>
> so that's why I was trying to use firewalld/ipset as the permanent ban
> solution.
> Am I looking at this all wrong?
>
> thanks again
>
I'm not familiar with firewalld, but if it is like ufw then it is just a
way of passing instructions to iptables and it should be possible for
fail2ban to pass its own instructions directly to iptables alongside
firewalld, and they need not conflict. This is how it works for me using
fail2ban / iptables / ufw under Ubuntu (16.04). The fact that your
pre-written script substitutes a different default banaction though makes
me wonder if firewalld works differently. Maybe someone familiar with it
can advise.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users