Nginx – Fail2ban configuration for nginx using firewallcmd in CentOS 7

centos7 fail2ban firewalld nginx

Previously I had CentOS 6.5 with iptables, and I configured some jails for nginx as suggested here: How To use fail2ban for Nginx?.

But now I am on CentOS 7, trying to use the new firewall and the latest fail2ban as well. I know there is a new firewallcmd-ipset.conf, but I wonder how the code from the above link should be adapted to the new firewall and the new fail2ban.

Looking at firewallcmd-ipset.conf, it seems it also expects the variables port and name. So maybe it is as easy as replacing iptables-multiport with firewallcmd-ipset.

Thoughts?

Thanks in advance,

Best Answer

You don't need to change anything. On CentOS 7, the default configuration will already include a configuration bit to set the fail2ban banaction to firewallcmd-ipset. This is in the fail2ban-firewalld package, which should automatically be installed.

You only need to make sure that you did not override the banaction somewhere else in your configuration.
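One way to check for such an override, as an added example that is not part of the original answer: the script below walks the fail2ban jail files in the order fail2ban reads them (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and reports which file decides the banaction for a given jail. The sample tree, its file names and contents are constructed for illustration.

```python
import configparser
import glob
import os
import tempfile

def config_files(etc):
    """Read order used by fail2ban; later files override earlier ones."""
    j = lambda *p: os.path.join(etc, *p)
    return ([j("jail.conf")] + sorted(glob.glob(j("jail.d", "*.conf")))
            + [j("jail.local")] + sorted(glob.glob(j("jail.d", "*.local"))))

def banaction_sources(etc):
    """Map section name -> [(file, value), ...] in read order."""
    found = {}
    for path in filter(os.path.isfile, config_files(etc)):
        # Rename the default section so [DEFAULT] is reported like any other.
        cp = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__unused__")
        cp.read(path)
        for section in cp.sections():
            if cp.has_option(section, "banaction"):
                found.setdefault(section, []).append(
                    (os.path.relpath(path, etc), cp.get(section, "banaction")))
    return found

def effective_banaction(etc, jail):
    """A jail's own setting beats [DEFAULT]; within each, the last file wins."""
    sources = banaction_sources(etc)
    for section in (jail, "DEFAULT"):
        if section in sources:
            return sources[section][-1]
    return None

# Constructed sample tree (file names and contents are illustrative).
SAMPLE = {
    "jail.conf": "[DEFAULT]\nbanaction = iptables-multiport\n[sshd]\nport = ssh\n",
    "jail.d/00-firewalld.conf": "[DEFAULT]\nbanaction = firewallcmd-ipset\n",
    "jail.local": "[nginx-http-auth]\nbanaction = iptables-multiport\n",
}

def demo():
    with tempfile.TemporaryDirectory() as etc:
        os.mkdir(os.path.join(etc, "jail.d"))
        for name, text in SAMPLE.items():
            with open(os.path.join(etc, name), "w") as fh:
                fh.write(text)
        return {j: effective_banaction(etc, j) for j in ("sshd", "nginx-http-auth")}

if __name__ == "__main__":
    print(demo())
```

On a real host, call `effective_banaction("/etc/fail2ban", "<jail name>")`; a result that names a file other than the one shipped by fail2ban-firewalld points at the override to remove.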