Bug ID | 1180738 |
---|---|
Summary | fail2ban doesn't work with firewalld |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | ae@ae-online.de |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
After the change to firewalld, fail2ban is not adding the IPs to the firewall. You see messages in the fail2ban log: Warning 0.0.0.0 already banned. See https://serverfault.com/questions/852755/fail2ban-doesnt-add-ips-to-ipset-firewalld

I added /etc/fail2ban/action.d/custom-firewalld.conf with

```ini
# /etc/fail2ban/action.d/custom-firewalld.conf
[INCLUDES]
before =

[Definition]
# nothing to set up or tear down: the drop zone already exists in firewalld
actionstart =
actionstop =
actioncheck =
# edits the zone XML directly; disabled in favour of firewall-cmd
#actionflush = sed -i '/<source address=/d' /etc/firewalld/zones/public.xml
# move the address into the drop zone, in the runtime and the permanent configuration
actionban = firewall-cmd --change-source=<ip> --zone=drop && firewall-cmd --change-source=<ip> --zone=drop --permanent
# remove it again; the trailing "|| echo 0" keeps the unban from failing if the address is already gone
actionunban = firewall-cmd --remove-source=<ip> --zone=drop && firewall-cmd --remove-source=<ip> --zone=drop --permanent || echo 0

[Init]
```

/etc/fail2ban/jail.conf

```ini
[...]
#
# Action shortcuts. To be used to define action parameter
banaction = custom-firewalld
banaction_allports = firewallcmd-allports
[...]
```
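The following shell helpers are an added example, not code from the bug report or from fail2ban or firewalld: they do the work of the custom-firewalld action's actionban, actionunban and actionflush entries from the report, but query the zone before adding an address so that a repeated ban of the same IP is a harmless no-op rather than something that depends on how firewall-cmd reports an already present source, and they flush through firewall-cmd instead of editing the zone XML with sed. The function names fw_ban, fw_unban, fw_flush and fw_list and the variables FW_CMD and FW_ZONE are assumptions made for this example; firewall-cmd with --query-source, --add-source, --remove-source and --list-sources is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not part of the bug report): idempotent firewalld ban/unban
# helpers equivalent to the custom-firewalld action's actionban/actionunban/
# actionflush. FW_CMD and FW_ZONE are assumed names; firewall-cmd is assumed
# to be installed. Setting FW_CMD lets a caller substitute another binary.
FW_CMD="${FW_CMD:-firewall-cmd}"
FW_ZONE="${FW_ZONE:-drop}"

# Succeeds when the address is already a source of the zone (runtime config).
fw_is_banned() {
    "$FW_CMD" --zone="$FW_ZONE" --query-source="$1" >/dev/null 2>&1
}

# Ban: check first so banning the same address twice is a no-op, then add it
# to the runtime and the permanent configuration, as the action's actionban does.
fw_ban() {
    if fw_is_banned "$1"; then
        echo "fw_ban: $1 already in zone $FW_ZONE" >&2
        return 0
    fi
    "$FW_CMD" --zone="$FW_ZONE" --add-source="$1" >/dev/null &&
        "$FW_CMD" --permanent --zone="$FW_ZONE" --add-source="$1" >/dev/null
}

# Unban: remove from both configurations. Like the action's "|| echo 0" this
# never fails, so an address that is already gone does not make fail2ban retry.
fw_unban() {
    "$FW_CMD" --zone="$FW_ZONE" --remove-source="$1" >/dev/null 2>&1 || true
    "$FW_CMD" --permanent --zone="$FW_ZONE" --remove-source="$1" >/dev/null 2>&1 || true
    return 0
}

# Lists the zone's current sources (firewall-cmd prints them space separated).
fw_list() {
    "$FW_CMD" --zone="$FW_ZONE" --list-sources
}

# Flush: drop every source of the zone through firewall-cmd rather than by
# editing /etc/firewalld/zones/*.xml with sed, which the commented actionflush did.
fw_flush() {
    for src in $(fw_list); do
        fw_unban "$src"
    done
}

# Minimal command-line front end: ./fw.sh ban <ip> | unban <ip> | flush | list
case "${1:-}" in
    ban)   [ -n "${2:-}" ] && fw_ban "$2" ;;
    unban) [ -n "${2:-}" ] && fw_unban "$2" ;;
    flush) fw_flush ;;
    list)  fw_list ;;
esac
```

Wiring these into fail2ban would mean pointing actionban, actionunban and actionflush at the script with the `<ip>` tag as argument; the query-before-add check is what keeps a duplicate ban from surfacing as a warning in the fail2ban log.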