--On Monday, April 03, 2017 8:05 PM +0100 Dominic Raferd <domi...@timedicer.co.uk> wrote:
> I'm not familiar with firewalld, but if it is like ufw then it is just
> a way of passing instructions to iptables and it should be possible for
> fail2ban to pass its own instructions directly to iptables alongside
> firewalld, and they need not conflict.

The terminology can be confusing. The underlying kernel implementation is called netfilter, and implements the raw iptables rules. iptables is the userspace utilities for manipulating netfilter. iptables tends to disrupt existing connections. firewalld is a higher-level set of rules that also manipulate netfilter but in a way that allows easy dynamic changes without disrupting existing connections.

You can still use iptables commands to inspect the changes to netfilter that firewalld makes. But you generally should avoid using iptables to make changes as they won't be visible to firewalld's persistent state and won't be restored on reboots.