Maybe this has been discussed before but I haven't been on the list that long. I recently moved Fedora and EL from firewalld-ipset to firewalld-rich-rules and overall it works much better.
ipset was causing firewalld to use legacy iptables and I frequently saw WARNING already banned messages. Switching to rich-rules solved this problem but created another one. The default range for allports is "0:65535" which is fine for iptables but firewalld chokes on this but will accept the form "0-65535". Not being familiar with the inner workings of fail2ban, the easy thing to do would be to make the change in jail.conf for Fedora packages since we default to firewalld, however, I don't want to cause the reverse problem for people that want to run iptables. Is there a way to cover this for both situations? Thanks, Richard
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
