Fail2ban configuration for nginx using firewallcmd in CentOS 7

Mariano Martinez Peck asked:

Previously I had CentOS 6.5 with iptables and I configured some jails for nginx as suggested here: How To use fail2ban for Nginx?

But now I am on CentOS 7, trying to use the new firewall and the latest fail2ban as well. I know there is a new firewallcmd-ipset.conf. But I wonder how the code from the above link should be adapted to the new firewall and the new fail2ban.

Looking at firewallcmd-ipset.conf, it seems it also expects the variables port and name. So maybe it is as easy as replacing iptables-multiport with firewallcmd-ipset.

Thoughts?

Thanks in advance,

My answer:


You don’t need to change anything. On CentOS 7, the default configuration will already include a configuration bit to set the fail2ban banaction to firewallcmd-ipset. This is in the fail2ban-firewalld package, which should automatically be installed.

You only need to make sure that you did not override the banaction somewhere else in your configuration.


View the full question and any other answers on Server Fault.
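One way to check for a stray banaction override, as an added example that is not part of the original answer or of fail2ban itself: it reads the jail files in fail2ban's documented order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and reports every section whose final banaction is not firewallcmd-ipset. The sample tree, the jail name nginx-http-auth and the file name 00-firewalld.conf are constructed assumptions.

```python
import configparser
import sys
import tempfile
from pathlib import Path

def config_files(root):
    """Jail config files in the order fail2ban reads them (later files win)."""
    d = Path(root) / "jail.d"
    return [Path(root) / "jail.conf", *sorted(d.glob("*.conf")),
            Path(root) / "jail.local", *sorted(d.glob("*.local"))]

def effective_banaction(root):
    """Map section -> (final banaction value, file that set it)."""
    final = {}
    for path in config_files(root):
        if not path.is_file():
            continue
        # [DEFAULT] is parsed as an ordinary section, so inherited values are not listed.
        cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
        cp.read(path)
        for section in cp.sections():
            if cp.has_option(section, "banaction"):
                final[section] = (cp.get(section, "banaction"),
                                  path.relative_to(root).as_posix())
    return final

def overrides(root, expected="firewallcmd-ipset"):
    """Sections whose final banaction is not the expected firewalld action."""
    return {s: v for s, v in effective_banaction(root).items() if v[0] != expected}

def write_sample(root):
    """Constructed sample tree; 00-firewalld.conf is an assumed file name."""
    files = {
        "jail.conf": "[DEFAULT]\nbanaction = iptables-multiport\n",
        "jail.d/00-firewalld.conf": "[DEFAULT]\nbanaction = firewallcmd-ipset\n",
        "jail.local": "[nginx-http-auth]\nenabled = true\nbanaction = iptables-multiport\n",
    }
    for name, text in files.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            write_sample(tmp)
        for section, (value, src) in sorted(overrides(root).items()):
            print(f"[{section}] banaction = {value}  (set in {src})")
```

Pass the fail2ban configuration directory as the first argument to check a real host; without an argument the script runs on the constructed sample. A jail that sets `action` directly to an iptables action instead of using banaction is not caught by this check.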

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.