Firewalld Module

SYSTEM INFORMATION
OS type and version Ubuntu Linux 20.04.4
Webmin version 1.999
Usermin version 1.854
Virtualmin version 7.1-1
Theme version 19.99
Package updates All installed packages are up to date

I have had quite a few IP addresses banned in the last few days (sshd = >2k). Using the firewalld module to view the output no longer works (webmin->networking->firewalld->List FirewallD Rules). What it does is display the first 2 smaller jails, about 20 entries in each, and then ignores the rest.


whereas if you use the iptables module you get this

I guess this indicates an issue with the firewalld module, as the iptables module displays the correct data & iptables from the command line gives the same results. Not that I used the firewalld module for viewing the state of the firewall until I hit ‘refresh modules’ & both iptables modules were removed from the list; as a quick fix I cloned them and added them to the networking sub menu. I am not averse to not having the iptables modules removed as long as the Firewalld module displayed the data it has in a similar way to the iptables module

Assuming that you use fail2ban for the sshd blocks, do you use allports as banaction for sshd?

I use iptables-allports, but as the IPs are being added to the firewall rule set I don’t see that this has anything to do with the firewalld display issue. I do have a second webmin/virtualmin system that is set up identically; that server only has 600 entries in the sshd jail and the firewalld module displays them fine

The problem could be because firewalld and iptables are used at the same time. It is better to use firewallcmd-allports as action.

There is currently also a problem with virtualmin setup where the default banaction = firewallcmd-ipset and the default banaction_allports = iptables-allports. This causes bans not to work.
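An added check, not from this thread or from Webmin/Virtualmin/fail2ban, assuming fail2ban's INI-style jail configuration: it parses a constructed jail.local and flags any jail whose banaction and banaction_allports drive different firewall backends (the firewalld/iptables mix described above), beside a corrected configuration where both go through firewalld.

```python
import configparser

# Constructed sample of the defaults described above: the generic banaction
# goes through firewalld, but the allports variant goes through iptables.
MIXED_JAIL_CONF = """
[DEFAULT]
banaction = firewallcmd-ipset
banaction_allports = iptables-allports

[sshd]
enabled = true
action = %(action_)s
"""

# Constructed corrected configuration: both actions drive firewalld.
FIXED_JAIL_CONF = """
[DEFAULT]
banaction = firewallcmd-ipset
banaction_allports = firewallcmd-allports

[sshd]
enabled = true
action = %(action_)s
"""


def backend_of(action):
    """Map a fail2ban action name to the firewall backend it drives."""
    name = action.strip()
    if name.startswith("firewallcmd-"):
        return "firewalld"
    if name.startswith("iptables"):
        return "iptables"
    if name.startswith("nftables"):
        return "nftables"
    return "other"


def find_mixed_backends(conf_text):
    """Return {jail: (banaction, banaction_allports)} for every jail whose two
    ban actions drive different backends. Values come from the jail section or
    fall back to [DEFAULT]; the hard-coded fallbacks are assumed defaults."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %(...)s literal
    cp.read_string(conf_text)
    mixed = {}
    for jail in cp.sections():  # sections() excludes DEFAULT itself
        ban = cp.get(jail, "banaction", fallback="iptables-multiport")
        ban_all = cp.get(jail, "banaction_allports", fallback="iptables-allports")
        if backend_of(ban) != backend_of(ban_all):
            mixed[jail] = (ban, ban_all)
    return mixed


if __name__ == "__main__":
    for label, conf in (("mixed", MIXED_JAIL_CONF), ("fixed", FIXED_JAIL_CONF)):
        print(label, find_mixed_backends(conf))
```

Point it at the real /etc/fail2ban/jail.local to see which jails would ban through a backend other than the one firewalld's rule listing shows.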

I thought firewalld is a frontend for iptables; have a look here. I will say the bans are working fine; it’s simply the case that the Virtualmin firewalld module cannot display the rules when there are over a certain number

From the page you are referring to:

While iptables commands are still available to FirewallD, it’s recommended to use only FirewallD commands.

If you use “iptables-allports” fail2ban bypasses firewalld which sometimes leads to trouble. But your problem may be an entirely different one.

Hello,

What output does the following command produce on that system?

firewall-cmd --direct --get-all-rules

Well, the above command showed only what webmin displays. To fix it I restarted fail2ban; after the long wait for fail2ban to reban everything, webmin displayed all the data correctly. The only thing I may have done is to delete a record using the firewalld module rather than fail2ban; could this be the cause?
As a side note, within the firewalld module, when you get a large amount of entries could you split them into pages rather than one big page? This is also true of the fail2ban module

and perhaps have the ability just to unban selected addresses rather than the whole jail ?

Clicking on the IP should remove that IP only.

As a side note, within the firewalld module, when you get a large amount of entries could you split them into pages rather than one big page? This is also true of the fail2ban module

We will add this to our todo, thanks.

I think the right solution would be to make a completely different page with pagination to handle a large amount of IP addresses.

I’m working on it. I will update this ticket with progress.

Alright, I have added a jail blocks listing in this commit:

It will display blocked IPs for a jail and will allow individually unblocking given IPs, e.g.:

However, I have not yet added pagination for a long list of entries. This will be done in a second commit within the next few days. I will update this ticket with further progress.

This feature has been fully implemented for inclusion to the next Webmin release.