centos8 fail2ban not working

user2236794 asked:

I am running fail2ban on CentOS 8 with ssh and Nginx configured. They both are showing ip’s being blocked when I do the fail2ban-client status , but they are not actually being blocked by firewalld. I am being bombarded with ssh attacks and nothing is happening on the firewall side. I am running "tcpdump – i any port 80 or port 443 or port 22" and seeing multiple failed attempts. Again fail2ban sees them and says they are banned, but they are not actually baned. Any suggestions??

[DEFAULT] 
ignoreip = 127.0.0.1 192.168.1.0/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd] 
enabled = true

[nginx-http-auth]
enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /var/log/gitlab/nginx/error.log

[nginx-noscript]
enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 6

[nginx-badbots]
enabled  = true
port     = http,https
filter   = nginx-badbots
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-nohome]
enabled  = true
port     = http,https
filter   = nginx-nohome
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-noproxy]
enabled  = true
port     = http,https
filter   = nginx-noproxy
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab_error.log

My answer:


If you’re actually using firewalld, make sure you use a firewalld-compatible banaction such as firewallcmd-ipset.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.