I have had quite a few IP addresses banned in the last few days (sshd = >2k). Using the firewalld module to view the output no longer works (webmin->networking->firewalld->List FirewallD Rules). What it does is display the first 2 smaller jails, about 20 entries in each, and then ignores the rest.
I guess this indicates an issue with the firewalld module, as the iptables module displays the correct data and iptables from the command line gives the same results. Not that I used the firewalld module for viewing the state of the firewall until I hit ‘refresh modules’ and both iptables modules were removed from the list; as a quick fix I cloned them and added them to the networking sub menu. I am not averse to not having the iptables modules removed as long as the firewalld module displayed the data it has in a similar way to the iptables module.
I use iptables-allports, but as the IPs are being added to the firewall rule set I don’t see this has anything to do with the firewalld display issue. I do have a second webmin/virtualmin system that is set up identically; this server only has 600 entries in the sshd jail and the firewalld module displays them fine.
I thought firewalld is a frontend for iptables, have a look here. I will say the bans are working fine; it’s simply the case that the firewalld virtualmin cannot display the rules when there are over a certain number.
Well, the above command showed only what webmin displays. To fix it I restarted fail2ban; after the long wait for fail2ban to reban everything, webmin displayed all the data correctly. The only thing I may have done is to delete a record using the firewalld module rather than fail2ban. Could this be the cause?
As a side note, within the firewalld module, when you get a large amount of entries could you split them into pages rather than one big page? This is also true of the fail2ban module.