I have CentOS 7 with firewalld. I installed fail2ban and am using the firewallcmd-new action. I am seeing bans in the fail2ban logs, and I want to check in firewall-cmd whether they are blocked. How can I do it?
How to check if firewalld is blocking an incoming ip address
Tags: fail2ban, firewalld
Best Answer
First, I strongly recommend that you use

banaction = firewallcmd-ipset

as this will provide much better performance when the ban list starts getting large.

Now, with any of fail2ban's firewalld actions, it will add a direct rule, which you can inspect with

firewall-cmd --direct --get-all-rules

As you can see, I am using firewallcmd-ipset, so the actual banned IP addresses are not listed here. Instead, I find them with

ipset list
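An added example, not part of the answer above: a small POSIX shell script that applies the two checks the answer describes (the direct rule from firewall-cmd and the members of the ipset) to decide whether a given IP is banned and whether a direct rule actually enforces that set. The set names (f2b-<jail>), the INPUT_direct chain and the sample outputs are constructed assumptions, not values from the question.

```shell
#!/bin/sh
# Added example (not from the original post). Parses `ipset list` and
# `firewall-cmd --direct --get-all-rules` output to tell whether an IP is banned
# and whether a direct rule actually enforces that set. On a live host use
#   IPSET_OUT=$(ipset list); RULES_OUT=$(firewall-cmd --direct --get-all-rules)
# Set names (f2b-<jail>) and the INPUT_direct chain are assumed defaults; the
# samples below are constructed and abbreviated.
IPSET_OUT='Name: f2b-sshd
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Members:
192.0.2.10 timeout 523
198.51.100.7 timeout 12

Name: f2b-recidive
Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Members:
192.0.2.99 timeout 600000'
RULES_OUT='ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports ssh -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable'

# banned_sets IP: reads `ipset list` output on stdin, prints "SET TTL" for
# every set containing IP, exit 1 if none does.
banned_sets() {
    awk -v ip="$1" '
        /^Name:/ { name = $2 }
        $1 == ip { print name, ($2 == "timeout" ? $3 : "none"); found = 1 }
        END      { exit found ? 0 : 1 }'
}

# rule_enforces SET: reads direct-rule output on stdin, exit 0 if some rule
# matches source addresses against SET.
rule_enforces() { grep -q -- "-m set --match-set $1 src"; }

# check_ip IP: 0 = banned and enforced, 1 = in no set,
# 2 = listed in a set no direct rule references (the ban is not effective).
check_ip() {
    ip=$1
    members=$(printf '%s\n' "$IPSET_OUT" | banned_sets "$ip") ||
        { echo "$ip: not in any ipset"; return 1; }
    rc=0
    for entry in $(printf '%s\n' "$members" | tr ' ' ':'); do
        name=${entry%%:*}; ttl=${entry#*:}
        if printf '%s\n' "$RULES_OUT" | rule_enforces "$name"; then
            echo "$ip: banned in $name (${ttl}s left), enforced by a direct rule"
        else
            echo "$ip: in $name but no direct rule references it"; rc=2
        fi
    done
    return $rc
}
check_ip 192.0.2.10
```

Exit status 2 is the case worth alerting on: an address sits in a set, so fail2ban believes it is banned, but nothing in firewalld consults that set.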