Bug ID 1180738
Summary fail2ban doesn't work with firewalld
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter ae@ae-online.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

After the change to firewalld, fail2ban is not adding the IPs to the firewall.

You see messages in the fail2ban log such as: "Warning 0.0.0.0 already banned".

See
https://serverfault.com/questions/852755/fail2ban-doesnt-add-ips-to-ipset-firewalld

I added /etc/fail2ban/action.d/custom-firewalld.conf with

----------------------------- START -----------------------------
#/etc/fail2ban/action.d/custom-firewalld.conf
[INCLUDES]
before  =

[Definition]
actionstart =
actionstop =
actioncheck =

#actionflush = sed -i '/<source address=/d' /etc/firewalld/zones/public.xml
actionban = firewall-cmd --change-source=<ip> --zone=drop && firewall-cmd --change-source=<ip> --zone=drop --permanent
actionunban = firewall-cmd --remove-source=<ip> --zone=drop && firewall-cmd --remove-source=<ip> --zone=drop --permanent || echo 0

[Init]

----------------------------- END -----------------------------

/etc/fail2ban/jail.conf
----------------------------- START -----------------------------
[...]
#
# Action shortcuts. To be used to define action parameter
banaction = custom-firewalld
banaction_allports = firewallcmd-allports
[....]
----------------------------- END -----------------------------
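Added example (not part of the report or of fail2ban itself): the custom action above parsed with Python's configparser, the <ip> tag filled in the way fail2ban substitutes it, and two checks worth running before deploying such an action: the empty actioncheck, and the trailing `|| echo 0` that turns a failed unban into a success. The sample address 203.0.113.7 is constructed.

```python
import configparser
import ipaddress

# Constructed copy of the action file posted in the report (custom-firewalld.conf).
ACTION_CONF = """\
[INCLUDES]
before =

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = firewall-cmd --change-source=<ip> --zone=drop && firewall-cmd --change-source=<ip> --zone=drop --permanent
actionunban = firewall-cmd --remove-source=<ip> --zone=drop && firewall-cmd --remove-source=<ip> --zone=drop --permanent || echo 0

[Init]
"""


def load_definition(text):
    """Parse a fail2ban action file; the [Definition] section holds the commands."""
    # interpolation=None: leave any '%' alone, this file has no %(...)s references
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp["Definition"]


def render(template, ip):
    """Fill the <ip> tag as fail2ban does, refusing addresses that make no sense to ban."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on garbage input
    if addr.is_unspecified or addr.is_loopback:
        # 0.0.0.0 (the address from the log warning) and 127.0.0.1 are never valid ban targets
        raise ValueError(f"refusing to render a ban for {ip}")
    return template.replace("<ip>", str(addr))


def lint(definition):
    """Return findings a reviewer would raise about this action before deploying it."""
    findings = []
    if not definition.get("actioncheck", "").strip():
        findings.append("actioncheck is empty: fail2ban cannot verify the firewall state before each ban")
    if "|| echo" in definition.get("actionunban", ""):
        findings.append("actionunban ends in '|| echo 0': a failed firewall-cmd removal is reported as success")
    return findings


if __name__ == "__main__":
    definition = load_definition(ACTION_CONF)
    print(render(definition["actionban"], "203.0.113.7"))
    for finding in lint(definition):
        print("finding:", finding)
```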
