I have a Debian 9 server where I had a working combination of iptables with fail2ban up and running. After successfully migrating the iptables part to nftables I struggle to get fail2ban working as before.
Has somebody been successful with this https://wiki.meurisse.org/wiki/Fail2Ban document? Any other hints for a howto?
fail2ban with nftables
Re: fail2ban with nftables
Although it may have been a good one, look at the date:
This page was last modified on 25 October 2016, at 10:41.
Things have changed, I am sure.
Maybe try https://wiki.debian.org/nftables and https://wiki.archlinux.org/index.php/Fail2ban
I don't know anything about the current Fail2ban myself, and the Debian wiki does not seem to have anything, but someone else here might have some experience with it.
Re: fail2ban with nftables
I have successfully set up fail2ban with nftables on Debian Buster.
The most important hurdle that I was able to overcome is described here: http://forums.debian.net/viewtopic.php? ... an#p724150
(newer versions of fail2ban have solved certain bugs, but it is not certain whether the above is a bug or not).
If you can share more info on what is not working for you, then I can maybe help.
Vincent
Re: fail2ban with nftables
FWIW I use fail2ban with Debian buster, but using a custom action (banaction = local_block), where my local_block.conf calls a script (at /usr/local/sbin/fail2ban_action.sh), which itself does this (the first argument, $1, is either "add" or "delete"):
Code:
#!/bin/sh
# $1 is "add" or "delete" (passed by fail2ban's actionban/actionunban),
# $2 is the IP address to add to or remove from the "fail2ban" set.
nft "$1" element inet filter fail2ban "{ $2 }" 2>&1
# Always report success back to fail2ban, whatever nft returned.
exit 0
In my nftables.conf I have a set called "fail2ban", and the input chain has "ip saddr @fail2ban drop".
Of course this blocks the IP as a whole, thus like nftables-allports.conf, but has the benefit of being easy to modify (I just need to modify /usr/local/sbin/fail2ban_action.sh), e.g. if you want to block the IP at some other server (a separate firewall, etc.)
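A stricter variant of the action script described in the post above, added here as an example (it is not the poster's script and not part of fail2ban or nftables): it checks that the action is add/delete and that the address is a plain IPv4 dotted quad before building the nft command, and it lets nft's exit status reach fail2ban instead of always exiting 0. The set definition, the action.d file name and the NFT override variable are assumptions.

```shell
#!/bin/sh
# Example only (not the poster's script): a stricter fail2ban_action.sh.
# Assumes nftables.conf has, in "table inet filter":
#   set fail2ban { type ipv4_addr; }
#   ... ip saddr @fail2ban drop ...   (in chain input)
# and that action.d/local_block.conf (assumed name) calls
#   actionban   = /usr/local/sbin/fail2ban_action.sh add <ip>
#   actionunban = /usr/local/sbin/fail2ban_action.sh delete <ip>

# NFT may be overridden (e.g. NFT=echo) to dry-run without root.
NFT="${NFT:-nft}"

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nft_cmd ACTION ADDR: print the nft command to run, or fail (status 1)
# when ACTION is not add/delete or ADDR is not an IPv4 address, so that
# nothing unexpected is ever handed to nft.
nft_cmd() {
    case "$1" in
        add|delete) ;;
        *) echo "unknown action: $1" >&2; return 1 ;;
    esac
    is_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
    echo "$NFT $1 element inet filter fail2ban { $2 }"
}

# With two arguments (as fail2ban calls it) run the command; nft's exit
# status reaches fail2ban, so a failed ban is logged rather than hidden
# by an unconditional "exit 0". With no arguments only the functions
# are defined, so the file can be sourced or tested.
if [ $# -eq 2 ]; then
    cmd=$(nft_cmd "$1" "$2") || exit 1
    exec $cmd
fi
```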