On 5/9/2021 1:17 AM, Nick Howitt wrote:
> I seem to remember perhaps "chain" was not specified and there may have been something else.

chain defaults to INPUT in /etc/fail2ban/action.d/iptables-common.conf. Before I switched to firewalld (with CentOS 7) using banaction=firewallcmd-ipset, I changed the chain to a subchain named fail2ban. That made it easy to flush just the fail2ban iptables rules without disrupting the rest of the firewall on my gateway. I'm surprised that isn't the default.

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
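
One way to set up the subchain arrangement described in the message above, as an added example that is not part of the original post. The `chain` override placed in `jail.local`, the `IPT` variable and the function names are assumptions made for illustration; the chain name `fail2ban` is the one the message uses.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: the subchain is
# named "fail2ban" as in the message; IPT and the function names are illustrative.
IPT="${IPT:-iptables}"
F2B_CHAIN="${F2B_CHAIN:-fail2ban}"

# Create the subchain and hook it into INPUT exactly once. Run this before
# fail2ban starts: its iptables actions insert their jump rules into this
# chain, and that insert fails if the chain does not exist yet.
f2b_chain_setup() {
    $IPT -N "$F2B_CHAIN" 2>/dev/null || true    # -N errors if it already exists
    $IPT -C INPUT -j "$F2B_CHAIN" 2>/dev/null ||
        $IPT -I INPUT 1 -j "$F2B_CHAIN"
}

# Remove only fail2ban's jump rules; every other INPUT rule stays in place.
# fail2ban is not notified: its per-jail chains remain but are no longer reached.
f2b_chain_flush() {
    $IPT -F "$F2B_CHAIN"
}

# Print the override for /etc/fail2ban/jail.local that points the iptables
# actions at the subchain instead of the default INPUT.
f2b_jail_override() {
    printf '[DEFAULT]\nchain = %s\n' "$F2B_CHAIN"
}

# Usage: script.sh setup | flush | config
case "${1:-}" in
    setup)  f2b_chain_setup ;;
    flush)  f2b_chain_flush ;;
    config) f2b_jail_override ;;
esac
```
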