Fail2ban using FirewallD confirming

Support for security such as Firewalls and securing linux
Post Reply
Boyd.ako
Posts: 44
Joined: 2016/06/22 08:49:07
Location: Honolulu, HI
Contact:

Fail2ban using FirewallD confirming

Post by Boyd.ako » 2020/04/14 05:33:32

I don't think Fail2ban is using Firewalld as I think it should be.

I've got the firewalld config installed:

Code: Select all

[root@nx74205 jail.d]# for conf in $(find $PWD -type f); do printf "=== %s ===\n%s\n\n" "$conf" "$(cat $conf)"; done
=== /etc/fail2ban/jail.d/00-firewalld.conf ===
# This file is part of the fail2ban-firewalld package to configure the use of
# the firewalld actions as the default actions.  You can remove this package
# (along with the empty fail2ban meta-package) if you do not use firewalld
[DEFAULT]
banaction = firewallcmd-ipset[actiontype=<multiport>]
banaction_allports = firewallcmd-ipset[actiontype=<allports>]

=== /etc/fail2ban/jail.d/00-systemd.conf ===
# This file is part of the fail2ban-systemd package to configure the use of
# the systemd journal as the default backend.  You can remove this package
# (along with the empty fail2ban meta-package) if you do not want to use the
# journal backend
[DEFAULT]
backend=systemd
But the dump of the config looks like it's using the iptables command.

Code: Select all

[root@nx74205 jail.d]# fail2ban-client --dp
['set', 'syslogsocket', 'auto']
['set', 'loglevel', 'INFO']
['set', 'logtarget', '/var/log/fail2ban.log']
['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3']
['set', 'dbmaxmatches', 10]
['set', 'dbpurgeage', '1209600']
['add', 'apache-auth', 'auto']
['set', 'apache-auth', 'usedns', 'yes']
['set', 'apache-auth', 'prefregex', '^\\[\\]\\s\\[(:?error|(?!evasive)\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (?:AH\\d+: )?<F-CONTENT>.+</F-CONTENT>$']
['multi-set', 'apache-auth', 'addfailregex', ['^client (?:denied by server configuration|used wrong authentication scheme)\\b', '^user (?!`)<F-USER>(?:\\S*|.*?)</F-USER> (?:auth(?:oriz|entic)ation failure|not found|denied by provider)\\b', '^Authorization of user <F-USER>(?:\\S*|.*?)</F-USER> to access .*? failed\\b', '^([A-Z]\\w+: )?user <F-USER>(?:\\S*|.*?)</F-USER>: password mismatch\\b', "^([A-Z]\\w+: )?user `<F-USER>(?:[^']*|.*?)</F-USER>' in realm `.+' (auth(?:oriz|entic)ation failure|not found|denied by provider)\\b", '^([A-Z]\\w+: )?invalid nonce .* received - length is not\\b', "^([A-Z]\\w+: )?realm mismatch - got `(?:[^']*|.*?)' but expected\\b", "^([A-Z]\\w+: )?unknown algorithm `(?:[^']*|.*?)' received\\b", "^invalid qop `(?:[^']*|.*?)' received\\b", '^([A-Z]\\w+: )?invalid nonce .*? received - user attempted time travel\\b', '^(?:No h|H)ostname \\S+ provided via SNI(?:, but no hostname provided| and hostname \\S+ provided| for a name based virtual host)\\b']]
['set', 'apache-auth', 'datepattern', '{^LN-BEG}']
['set', 'apache-auth', 'maxretry', 3]
['set', 'apache-auth', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-auth', 'logencoding', 'auto']
['set', 'apache-auth', 'bantime', '21600']
['set', 'apache-auth', 'ignorecommand', '']
['set', 'apache-auth', 'findtime', '3600']
['set', 'apache-auth', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-auth', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-auth', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-auth', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-auth', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-auth', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-auth',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-auth -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-auth'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-auth\n<iptables> -F f2b-apache-auth\n<iptables> -X f2b-apache-auth'],
    ['actionstart', '<iptables> -N f2b-apache-auth\n<iptables> -A f2b-apache-auth -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-auth'],
    ['actionban', '<iptables> -I f2b-apache-auth 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-auth[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-auth']]]
['add', 'apache-badbots', 'auto']
['set', 'apache-badbots', 'usedns', 'yes']
[ 'set',
  'apache-badbots',
  'addfailregex',
  '^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:Atomic_Email_Hunter/4\\.0|atSpider/1\\.0|autoemailspider|bwh3_user_agent|China Local Browse 2\\.6|ContactBot/0\\.2|ContentSmartz|DataCha0s/2\\.0|DBrowse 1\\.4b|DBrowse 1\\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\\.4b|Educate Search VxB|EmailSiphon|EmailSpider|EmailWolf 1\\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Guestbook Auto Submitter|Industry Program 1\\.0\\.x|ISC Systems iRc Search 2\\.1|IUPUI Research Bot v 1\\.9a|LARBIN-EXPERIMENTAL \\(efp@gmx\\.net\\)|LetsCrawl\\.com/1\\.0 \\+http\\://letscrawl\\.com/|Lincoln State Web Browser|LMQueueBot/0\\.2|LWP\\:\\:Simple/5\\.803|Mac Finder 1\\.0\\.xx|MFC Foundation Class Library 4\\.0|Microsoft URL Control - 6\\.00\\.8xxx|Missauga Locate 1\\.0\\.0|Missigua Locator 1\\.9|Missouri College Browse|Mizzu Labs 2\\.2|Mo College 1\\.9|MVAClient|Mozilla/2\\.0 \\(compatible; NEWT ActiveX; Win32\\)|Mozilla/3\\.0 \\(compatible; Indy Library\\)|Mozilla/3\\.0 \\(compatible; scan4mail \\(advanced version\\) http\\://www\\.peterspages\\.net/?scan4mail\\)|Mozilla/4\\.0 \\(compatible; Advanced Email Extractor v2\\.xx\\)|Mozilla/4\\.0 \\(compatible; Iplexx Spider/1\\.0 http\\://www\\.iplexx\\.at\\)|Mozilla/4\\.0 \\(compatible; MSIE 5\\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\\.0 efp@gmx\\.net|Mozilla/5\\.0 \\(Version\\: xxxx Type\\:xx\\)|NameOfAgent \\(CMS Spider\\)|NASA Search 1\\.0|Nsauditor/1\\.x|PBrowse 1\\.4b|PEval 1\\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\\.0\\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\\.com|ShablastBot 1\\.0|snap\\.com beta crawler v0|Snapbot/1\\.0|Snapbot/1\\.0 \\(Snap Shots&#44; \\+http\\://www\\.snap\\.com\\)|sogou develop spider|Sogou Orion spider/3\\.0\\(\\+http\\://www\\.sogou\\.com/docs/help/webmasters\\.htm#07\\)|sogou spider|Sogou web spider/3\\.0\\(\\+http\\://www\\.sogou\\.com/docs/help/webmasters\\.htm#07\\)|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\\.2|User-Agent\\: Mozilla/4\\.0 \\(compatible; MSIE 6\\.0; Windows NT 5\\.1\\)|VadixBot|WebVulnCrawl\\.unknown/1\\.0 libwww-perl/5\\.803|Wells Search II|WEP Search 00|EmailCollector|WebEMailExtrac|TrackBack/1\\.02|sogou music spider|(?:Mozilla/\\d+\\.\\d+ )?Jorgee)"$']
['set', 'apache-badbots', 'datepattern', '^[^\\[]*\\[({DATE})\n{^LN-BEG}']
['set', 'apache-badbots', 'maxretry', 1]
['set', 'apache-badbots', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-badbots', 'logencoding', 'auto']
['set', 'apache-badbots', 'bantime', '172800']
['set', 'apache-badbots', 'ignorecommand', '']
['set', 'apache-badbots', 'findtime', '3600']
['set', 'apache-badbots', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-access_log', 'head']
['set', 'apache-badbots', 'addlogpath', '/var/log/httpd/access_log', 'head']
['set', 'apache-badbots', 'addlogpath', '/var/log/httpd/ssl_access_log', 'head']
['set', 'apache-badbots', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-access_log', 'head']
['set', 'apache-badbots', 'addlogpath', '/var/log/httpd/neverland.ddns.me-access_log', 'head']
['set', 'apache-badbots', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-badbots',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-badbots -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-badbots'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-badbots\n<iptables> -F f2b-apache-badbots\n<iptables> -X f2b-apache-badbots'],
    ['actionstart', '<iptables> -N f2b-apache-badbots\n<iptables> -A f2b-apache-badbots -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-badbots'],
    ['actionban', '<iptables> -I f2b-apache-badbots 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-badbots[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '172800'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-badbots']]]
['add', 'apache-noscript', 'auto']
['set', 'apache-noscript', 'usedns', 'yes']
['set', 'apache-noscript', 'prefregex', '^\\[\\]\\s\\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (?:AH0(?:01(?:28|30)|1(?:264|071)): )?(?:(?:[Ff]ile|script|[Gg]ot) )<F-CONTENT>.+</F-CONTENT>$']
['multi-set', 'apache-noscript', 'addfailregex', ['^(?:does not exist|not found or unable to stat): /\\S*(?:php(?:[45]|[.-]cgi)?|\\.asp|\\.exe|\\.pl)\\b', "^'/\\S*(?:php(?:[45]|[.-]cgi)?|\\.asp|\\.exe|\\.pl)\\S*' not found or unable to stat", "^error '[Pp]rimary script unknown(?:\\\\n)?'"]]
['set', 'apache-noscript', 'datepattern', '{^LN-BEG}']
['set', 'apache-noscript', 'maxretry', 3]
['set', 'apache-noscript', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-noscript', 'logencoding', 'auto']
['set', 'apache-noscript', 'bantime', '21600']
['set', 'apache-noscript', 'ignorecommand', '']
['set', 'apache-noscript', 'findtime', '3600']
['set', 'apache-noscript', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-noscript', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-noscript', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-noscript', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-noscript', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-noscript', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-noscript',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-noscript -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-noscript'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-noscript\n<iptables> -F f2b-apache-noscript\n<iptables> -X f2b-apache-noscript'],
    ['actionstart', '<iptables> -N f2b-apache-noscript\n<iptables> -A f2b-apache-noscript -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-noscript'],
    ['actionban', '<iptables> -I f2b-apache-noscript 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-noscript[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-noscript']]]
['add', 'apache-overflows', 'auto']
['set', 'apache-overflows', 'usedns', 'yes']
['set', 'apache-overflows', 'addfailregex', '^\\[\\]\\s\\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (?:(?:AH0013[456]: )?Invalid (method|URI) in request\\b|(?:AH00565: )?request failed: URI too long \\(longer than \\d+\\)|request failed: erroneous characters after protocol string:|(?:AH00566: )?request failed: invalid characters in URI\\b)']
['set', 'apache-overflows', 'datepattern', '{^LN-BEG}']
['set', 'apache-overflows', 'maxretry', 2]
['set', 'apache-overflows', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-overflows', 'logencoding', 'auto']
['set', 'apache-overflows', 'bantime', '21600']
['set', 'apache-overflows', 'ignorecommand', '']
['set', 'apache-overflows', 'findtime', '3600']
['set', 'apache-overflows', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-overflows', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-overflows', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-overflows', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-overflows', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-overflows', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-overflows',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-overflows -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-overflows'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-overflows\n<iptables> -F f2b-apache-overflows\n<iptables> -X f2b-apache-overflows'],
    ['actionstart', '<iptables> -N f2b-apache-overflows\n<iptables> -A f2b-apache-overflows -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-overflows'],
    ['actionban', '<iptables> -I f2b-apache-overflows 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-overflows[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-overflows']]]
['add', 'apache-nohome', 'auto']
['set', 'apache-nohome', 'usedns', 'yes']
['set', 'apache-nohome', 'addfailregex', '^\\[\\]\\s\\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (AH00128: )?File does not exist: .*/~.*']
['set', 'apache-nohome', 'datepattern', '{^LN-BEG}']
['set', 'apache-nohome', 'maxretry', 2]
['set', 'apache-nohome', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-nohome', 'logencoding', 'auto']
['set', 'apache-nohome', 'bantime', '21600']
['set', 'apache-nohome', 'ignorecommand', '']
['set', 'apache-nohome', 'findtime', '3600']
['set', 'apache-nohome', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-nohome', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-nohome', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-nohome', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-nohome', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-nohome', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-nohome',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-nohome -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-nohome'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-nohome\n<iptables> -F f2b-apache-nohome\n<iptables> -X f2b-apache-nohome'],
    ['actionstart', '<iptables> -N f2b-apache-nohome\n<iptables> -A f2b-apache-nohome -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-nohome'],
    ['actionban', '<iptables> -I f2b-apache-nohome 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-nohome[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-nohome']]]
['add', 'apache-botsearch', 'auto']
['set', 'apache-botsearch', 'usedns', 'yes']
['set', 'apache-botsearch', 'prefregex', '^\\[\\]\\s\\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (?:AH\\d+: )?<F-CONTENT>.+</F-CONTENT>$']
['multi-set', 'apache-botsearch', 'addfailregex', ['^(?:File does not exist|script not found or unable to stat): /var/www/\\/?(roundcube|(ext)?mail|horde|(v-?)?webmail|(typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)|wp-(login|signup|admin)\\.php|cgi-bin|mysqladmin)[^,]*(, referer: \\S+)?\\s*$', "^script '/var/www/\\/?(roundcube|(ext)?mail|horde|(v-?)?webmail|(typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)|wp-(login|signup|admin)\\.php|cgi-bin|mysqladmin)[^,]*' not found or unable to stat(, referer: \\S+)?\\s*$"]]
['set', 'apache-botsearch', 'datepattern', '{^LN-BEG}']
['set', 'apache-botsearch', 'maxretry', 2]
['set', 'apache-botsearch', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-botsearch', 'logencoding', 'auto']
['set', 'apache-botsearch', 'bantime', '21600']
['set', 'apache-botsearch', 'ignorecommand', '']
['set', 'apache-botsearch', 'findtime', '3600']
['set', 'apache-botsearch', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-botsearch', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-botsearch', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-botsearch', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-botsearch', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-botsearch', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-botsearch',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-botsearch -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-botsearch'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-botsearch\n<iptables> -F f2b-apache-botsearch\n<iptables> -X f2b-apache-botsearch'],
    ['actionstart', '<iptables> -N f2b-apache-botsearch\n<iptables> -A f2b-apache-botsearch -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-botsearch'],
    ['actionban', '<iptables> -I f2b-apache-botsearch 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-botsearch[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-botsearch']]]
['add', 'apache-fakegooglebot', 'auto']
['set', 'apache-fakegooglebot', 'usedns', 'yes']
['set', 'apache-fakegooglebot', 'addfailregex', '^<HOST> .*Googlebot.*$']
['set', 'apache-fakegooglebot', 'datepattern', '^[^\\[]*\\[({DATE})\n{^LN-BEG}']
['set', 'apache-fakegooglebot', 'maxretry', 1]
['set', 'apache-fakegooglebot', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-fakegooglebot', 'logencoding', 'auto']
['set', 'apache-fakegooglebot', 'bantime', '21600']
['set', 'apache-fakegooglebot', 'ignorecommand', '/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot <ip>']
['set', 'apache-fakegooglebot', 'findtime', '3600']
['set', 'apache-fakegooglebot', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-access_log', 'head']
['set', 'apache-fakegooglebot', 'addlogpath', '/var/log/httpd/access_log', 'head']
['set', 'apache-fakegooglebot', 'addlogpath', '/var/log/httpd/ssl_access_log', 'head']
['set', 'apache-fakegooglebot', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-access_log', 'head']
['set', 'apache-fakegooglebot', 'addlogpath', '/var/log/httpd/neverland.ddns.me-access_log', 'head']
['set', 'apache-fakegooglebot', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-fakegooglebot',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-fakegooglebot -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-fakegooglebot'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-fakegooglebot\n<iptables> -F f2b-apache-fakegooglebot\n<iptables> -X f2b-apache-fakegooglebot'],
    ['actionstart', '<iptables> -N f2b-apache-fakegooglebot\n<iptables> -A f2b-apache-fakegooglebot -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-fakegooglebot'],
    ['actionban', '<iptables> -I f2b-apache-fakegooglebot 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-fakegooglebot[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-fakegooglebot']]]
['add', 'apache-modsecurity', 'auto']
['set', 'apache-modsecurity', 'usedns', 'yes']
['set', 'apache-modsecurity', 'addfailregex', '^\\[\\]\\s\\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\](?: \\[client [^\\]]+\\])? ModSecurity:\\s+(?:\\[(?:\\w+ \\"[^\\"]*\\"|[^\\]]*)\\]\\s*)*Access denied with code [45]\\d\\d']
['set', 'apache-modsecurity', 'datepattern', '{^LN-BEG}']
['set', 'apache-modsecurity', 'maxretry', 2]
['set', 'apache-modsecurity', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-modsecurity', 'logencoding', 'auto']
['set', 'apache-modsecurity', 'bantime', '21600']
['set', 'apache-modsecurity', 'ignorecommand', '']
['set', 'apache-modsecurity', 'findtime', '3600']
['set', 'apache-modsecurity', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-modsecurity', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-modsecurity', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-modsecurity', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-modsecurity', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-modsecurity', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-modsecurity',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-modsecurity -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-modsecurity'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-modsecurity\n<iptables> -F f2b-apache-modsecurity\n<iptables> -X f2b-apache-modsecurity'],
    ['actionstart', '<iptables> -N f2b-apache-modsecurity\n<iptables> -A f2b-apache-modsecurity -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-modsecurity'],
    ['actionban', '<iptables> -I f2b-apache-modsecurity 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-modsecurity[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-modsecurity']]]
['add', 'apache-shellshock', 'auto']
['set', 'apache-shellshock', 'usedns', 'yes']
['set', 'apache-shellshock', 'prefregex', '^\\[\\]\\s\\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (AH01215: )?/bin/([bd]a)?sh: <F-CONTENT>.+</F-CONTENT>$']
['multi-set', 'apache-shellshock', 'addfailregex', ['^warning: HTTP_[^:]+: ignoring function definition attempt(, referer: \\S+)?\\s*$', "^error importing function definition for `HTTP_[^']+'(, referer: \\S+)?\\s*$"]]
['set', 'apache-shellshock', 'datepattern', '{^LN-BEG}']
['set', 'apache-shellshock', 'maxretry', 1]
['set', 'apache-shellshock', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'apache-shellshock', 'logencoding', 'auto']
['set', 'apache-shellshock', 'bantime', '21600']
['set', 'apache-shellshock', 'ignorecommand', '']
['set', 'apache-shellshock', 'findtime', '3600']
['set', 'apache-shellshock', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-error_log', 'head']
['set', 'apache-shellshock', 'addlogpath', '/var/log/httpd/error_log', 'head']
['set', 'apache-shellshock', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-error_log', 'head']
['set', 'apache-shellshock', 'addlogpath', '/var/log/httpd/ssl_error_log', 'head']
['set', 'apache-shellshock', 'addlogpath', '/var/log/httpd/neverland.ddns.me-error_log', 'head']
['set', 'apache-shellshock', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'apache-shellshock',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-apache-shellshock -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-apache-shellshock'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-apache-shellshock\n<iptables> -F f2b-apache-shellshock\n<iptables> -X f2b-apache-shellshock'],
    ['actionstart', '<iptables> -N f2b-apache-shellshock\n<iptables> -A f2b-apache-shellshock -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-apache-shellshock'],
    ['actionban', '<iptables> -I f2b-apache-shellshock 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-apache-shellshock[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'apache-shellshock']]]
['add', 'php-url-fopen', 'auto']
['set', 'php-url-fopen', 'usedns', 'yes']
['set', 'php-url-fopen', 'addfailregex', '^<HOST> -.*"(GET|POST).*\\?.*\\=http\\:\\/\\/.* HTTP\\/.*$']
['set', 'php-url-fopen', 'datepattern', '^[^\\[]*\\[({DATE})\n{^LN-BEG}']
['set', 'php-url-fopen', 'maxretry', 3]
['set', 'php-url-fopen', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'php-url-fopen', 'logencoding', 'auto']
['set', 'php-url-fopen', 'bantime', '21600']
['set', 'php-url-fopen', 'ignorecommand', '']
['set', 'php-url-fopen', 'findtime', '3600']
['set', 'php-url-fopen', 'addlogpath', '/var/log/httpd/storage.boydhanaleiako.me-access_log', 'head']
['set', 'php-url-fopen', 'addlogpath', '/var/log/httpd/access_log', 'head']
['set', 'php-url-fopen', 'addlogpath', '/var/log/httpd/ssl_access_log', 'head']
['set', 'php-url-fopen', 'addlogpath', '/var/log/httpd/ampache.workisboring.com-access_log', 'head']
['set', 'php-url-fopen', 'addlogpath', '/var/log/httpd/neverland.ddns.me-access_log', 'head']
['set', 'php-url-fopen', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'php-url-fopen',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-php-url-fopen -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-php-url-fopen'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-php-url-fopen\n<iptables> -F f2b-php-url-fopen\n<iptables> -X f2b-php-url-fopen'],
    ['actionstart', '<iptables> -N f2b-php-url-fopen\n<iptables> -A f2b-php-url-fopen -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-php-url-fopen'],
    ['actionban', '<iptables> -I f2b-php-url-fopen 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-php-url-fopen[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', 'http,https'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'php-url-fopen']]]
['add', 'mysqld-auth', 'auto']
['set', 'mysqld-auth', 'usedns', 'yes']
['set', 'mysqld-auth', 'addfailregex', "^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?\\S*(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?\\S*(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?(?:(?:\\d{6}|\\d{4}-\\d{2}-\\d{2})[ T]\\s?\\d{1,2}:\\d{2}:\\d{2} )?(?:\\d+ )?\\[\\w+\\] (?:\\[[^\\]]+\\] )*Access denied for user '[^']+'@'<HOST>' (to database '[^']*'|\\(using password: (YES|NO)\\))*\\s*$"]
['set', 'mysqld-auth', 'datepattern', '{^LN-BEG}']
['set', 'mysqld-auth', 'maxretry', 3]
['set', 'mysqld-auth', 'addignoreip', '127.0.0.1/8', '10.0.0.1/24']
['set', 'mysqld-auth', 'logencoding', 'auto']
['set', 'mysqld-auth', 'bantime', '21600']
['set', 'mysqld-auth', 'ignorecommand', '']
['set', 'mysqld-auth', 'findtime', '3600']
['set', 'mysqld-auth', 'addlogpath', '/var/log/mysqld.log', 'head']
['set', 'mysqld-auth', 'addaction', 'iptables-multiport']
[ 'multi-set',
  'mysqld-auth',
  'action',
  'iptables-multiport',
  [ ['actionunban', '<iptables> -D f2b-mysqld-auth -s <ip> -j <blocktype>'],
    ['actionflush', '<iptables> -F f2b-mysqld-auth'],
    ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports 3306 -j f2b-mysqld-auth\n<iptables> -F f2b-mysqld-auth\n<iptables> -X f2b-mysqld-auth'],
    ['actionstart', '<iptables> -N f2b-mysqld-auth\n<iptables> -A f2b-mysqld-auth -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports 3306 -j f2b-mysqld-auth'],
    ['actionban', '<iptables> -I f2b-mysqld-auth 1 -s <ip> -j <blocktype>'],
    ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-mysqld-auth[ \\t]'"],
    ['protocol', 'tcp'],
    ['chain', 'INPUT'],
    ['lockingopt', '-w'],
    ['blocktype', 'REJECT --reject-with icmp-port-unreachable'],
    ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'],
    ['port', '3306'],
    ['actname', 'iptables-multiport'],
    ['bantime', '21600'],
    ['iptables', 'iptables <lockingopt>'],
    ['returntype', 'RETURN'],
    ['iptables?family=inet6', 'ip6tables <lockingopt>'],
    ['name', 'mysqld-auth']]]
['start', 'apache-auth']
['start', 'apache-badbots']
['start', 'apache-noscript']
['start', 'apache-overflows']
['start', 'apache-nohome']
['start', 'apache-botsearch']
['start', 'apache-fakegooglebot']
['start', 'apache-modsecurity']
['start', 'apache-shellshock']
['start', 'php-url-fopen']
['start', 'mysqld-auth']
I test to check if banning is working and fail2ban is registering it... But it's not showing up in firewalld.

Code: Select all

[root@nx74205 jail.d]# fail2ban-client set apache-auth banip 147.0.140.66
1
[root@nx74205 jail.d]# fail2ban-client status apache-auth
Status for the jail: apache-auth
|- Filter
|  |- Currently failed:	1
|  |- Total failed:	2
|  `- File list:	/var/log/httpd/error_log /var/log/httpd/ssl_error_log /var/log/httpd/neverland.ddns.me-error_log /var/log/httpd/ampache.workisboring.com-error_log /var/log/httpd/storage.boydhanaleiako.me-error_log
`- Actions
   |- Currently banned:	1
   |- Total banned:	2
   `- Banned IP list:	147.0.140.66
[root@nx74205 jail.d]# tail -n 5 /var/log/fail2ban.log
2020-04-13 18:10:46,373 fail2ban.actions        [20711]: NOTICE  [apache-auth] Restore Ban 147.0.140.66
2020-04-13 18:16:53,191 fail2ban.filter         [20711]: INFO    [apache-auth] Found 213.217.0.184 - 2020-04-13 18:16:53
2020-04-13 18:16:55,974 fail2ban.filter         [20711]: INFO    [apache-auth] Found 213.217.0.184 - 2020-04-13 18:16:55
2020-04-13 19:02:19,423 fail2ban.actions        [20711]: NOTICE  [apache-auth] Unban 147.0.140.66
2020-04-13 19:20:47,781 fail2ban.actions        [20711]: NOTICE  [apache-auth] Ban 147.0.140.66
[root@nx74205 jail.d]# firewall-cmd --direct --get-all-chains
[root@nx74205 jail.d]# firewall-cmd --direct --get-all-rules
Luckilly, the ip is getting blocked in iptables...but still...

Code: Select all

[root@nx74205 jail.d]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-N f2b-apache-auth
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-auth
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eth0 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i eth0 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 9117 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 4040 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 2049 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p udp -m udp --dport 2049 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 2049 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A f2b-apache-auth -s 147.0.140.66/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-apache-auth -j RETURN
My noob level: LPIC-2, Sec+ CE, Linux+
https://boydhanaleiako.me

User avatar
KernelOops
Posts: 321
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Fail2ban using FirewallD confirming

Post by KernelOops » 2020/04/14 06:08:19

CentOS 8 firewalld does not use iptables. Read a bit more about firewalld and firewall-cmd.
--
I love my computer - all my friends live there.
--

Post Reply

Return to “CentOS 8 - Security Support”