Fail2ban with firewalld

[JackBauer]

Hello,

I just copied jail.conf to jail.local

Inside of jail.local I have this

Code: Select all

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
banaction_allports = iptables-allports

It looks like iptables is the default.

Then I have this file

Code: Select all

[root@nsxxx688 jail.d]# cat 00-firewalld.conf
# This file is part of the fail2ban-firewalld package to configure the use of
# the firewalld actions as the default actions.  You can remove this package
# (along with the empty fail2ban meta-package) if you do not use firewalld
[DEFAULT]
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]
[root@nsxxx688 jail.d]#

How to make the firewalld the default instead of iptables?

Should I reference 00-firewalld.conf in some way inside of jail.local?

Thanks

[JackBauer]

OK, I found my mistake.

What I need to do is to just have jail.local with the jail I want enabled.

For example if I want ssh jail enabled I have to create a file jail.local with only this

Code: Select all

[sshd]
enabled = true

And now I am using firewallcmd-rich-rules

Sometimes I overcomplicate things and I don't read the guides.