On Fri, Aug 13, 2021 at 09:47:05AM +0100, Nick Howitt wrote:
> Then have a look at /etc/fail2ban/action.d/iptables.conf and override
> anything you want to change in a /etc/fail2ban/action.d/iptables.local.

Great that worked, almost, the file that I needed to change was:

    /etc/fail2ban/action.d/iptables-multiport.conf

For the record the config that I changed was actionstart to:

actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
# Remove as I do not want something at the start of the INPUT chain
#             <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

I also changed actionstop, removing the first line:

actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>

Leaving:

actionstop = <actionflush>
             <iptables> -X f2b-<name>

Thanks

> Personally, I've given up on using iptables as the default rule and switched
> to iptables-ipset-proto6 which gives a simpler iptables set up and also
> ipset is far more efficient than big lists of iptables rules.

My TODO file says that I must rewrite it using nft not iptables.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
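
An added example, not part of the original message: with the `-I <chain>` jump removed from actionstart, fail2ban still creates f2b-<name> but no longer links it into INPUT, so bans are only enforced if the admin's own ruleset jumps to that chain. The Python code below reads `iptables-save` output and lists f2b-* chains that no rule jumps to; the function name and the sample ruleset are constructed for illustration.

```python
import shlex
import sys

# Constructed sample of `iptables-save` output (not from the original post):
# f2b-sshd is linked from INPUT by an admin rule, f2b-postfix is never jumped to.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-postfix - [0:0]
:f2b-sshd - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-postfix -s 198.51.100.23/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-postfix -j RETURN
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
"""

def unlinked_f2b_chains(save_output, prefix="f2b-"):
    """Return sorted (table, chain) pairs for f2b chains no other chain jumps to."""
    declared, referenced = set(), set()
    table = None
    for line in save_output.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. "*filter"
            table = line[1:]
        elif line.startswith(":"):          # chain declaration, e.g. ":f2b-sshd - [0:0]"
            chain = line[1:].split()[0]
            if chain.startswith(prefix):
                declared.add((table, chain))
        elif line.startswith("-A "):        # rule: record its jump/goto target
            tokens = shlex.split(line)
            owner = tokens[1]
            for opt, target in zip(tokens[2:], tokens[3:]):
                if opt in ("-j", "--jump", "-g", "--goto") and target != owner:
                    referenced.add((table, target))
    return sorted(declared - referenced)

if __name__ == "__main__":
    # Pipe real output in (`iptables-save | python3 this_file.py`) or run bare for the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for table, chain in unlinked_f2b_chains(data):
        print(f"{table}: {chain} exists but nothing jumps to it; bans there are not enforced")
```
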