I've always gone with the philosophy that, if you're using shorewall to
manage your firewall, then fail2ban should use shorewall as its actions.
Similarly, if you use pfsense, then you tell pfsense that fail2ban would
like it to block an IP address. fail2ban isn't a firewall, it works in
What action are you using for the jail? Shorewall start/restart loads the
entire iptables which will clobber fail2ban's entries.
I use an action that stores the offending IP address in an ipset so that the
shorewall restart command doesn't wipe it.
[0:root@bb8 fail2ban]$ rpm -q
Hi,
I'm trying to harden a web server. In the log files from Apache I see a
number of attempts to get non-existent PHP files, so I used
apache-noscript to try to block the offending IP address.
The filter fires, but the firewall does not block the IP address. In
fail2ban's log file I see a