|SYSTEM INFORMATION||
Webmin 1.981
Virtualmin 6.17
I do have installed fail2ban and see the chain f2b-proftpd in “Linux Firewall” section:
But if I open the cli, and have a loock at fail2ban.log or auth.log, I see, that this IP still try to access the server. So it seems not to be blocked by the Firewall-Rule:
Any Idea, why fail2ban detect the intrusion, but iptables don’t block it?
what’s your firewall? does fail2ban use that action or some default? could be that case…
@dimitrist
It’s an default webmin installation. I think it’s IPTables as firewall ?!? How can I check this?
In the Webmin-UI I do use “firewallD”
I didn’t add any fail2ban zone manually, so I think fail2ban setup had created it.
if you use firewalld, you probably should set banaction in /etc/fail2ban/jail.local or any custom conf, to some relative action. eg.
banaction = firewallcmd-ipset
(not sure about it though, never used firewalld.)
ah, that’s might be the issue. Didn’t know that this is needed.
My current config-file looks like this:
Where can I see which banaction-parameter are possible?
all action files are here : /etc/fail2ban/action.d/
webmin → fail2ban → Match Actions
