On 09/05/2021 09:52, Kenneth Porter wrote:
On 5/9/2021 1:17 AM, Nick Howitt wrote:
I seem to remember perhaps "chain" was not specified and there may
have been something else.
chain defaults to INPUT in /etc/fail2ban/action.d/iptables-common.conf.
Before I switched to firewalld (with CentOS 7) using
banaction=firewallcmd-ipset, I changed the chain to a subchain named
fail2ban. That made it easy to flush just the fail2ban iptables rules
without disrupting the rest of the firewall on my gateway. I'm surprised
that isn't the default.
Look at the log. It will show the command it tried and failed to execute.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
