Hi,
this may or may not be related to this (https://www.virtualmin.com/node/35443) similar thread, but as it’s a bit old I’m starting a new one.
I have the following fail2ban jails activated:
- ssh-iptables (sshd)
- sasl-iptables (postfix-sasl)
- postfix-tcpwrapper (postfix)
- webmin-auth (webmin-auth)
- dovecot (dovecot)
- dovecot-auth (dovecot)
When I look at Webmin’s iptables page, I can only see these (see attached):
- Jump to chain fail2ban-dovecot
- Jump to chain fail2ban-SSH
- Jump to chain fail2ban-dovecot-auth
However, when I check iptables -L -n
I can see:
Chain f2b-webmin (0 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
which does not appear in Webmin.
I’m a bit unclear about the comment here (https://www.virtualmin.com/node/35443#comment-140998) that “Fail2ban dynamically adds/updates rules, whereas, by default, Webmin operates on the iptables save file.”
Are we saying that the chains that appear in Webmin’s iptables have been saved to file, but the others have not?
Another, possibly related issue, is that I see two entries for SSH and I’m unsure why:
Chain f2b-SSH (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
I’m probably missing something basic.
Could someone please help?
Thanks