Fail2ban configuration for nginx using firewallcmd in CentOS 7
Previously I had a CentOS 6.5 with iptables and I configured some jails for nginx as suggested here: How To use fail2ban for Nginx?.
But now I am in CentOS 7, trying to use the new firewall and latest fail2ban as well. I know there is a new firewallcmd-ipset.conf. But I wonder how the code of the above link should be adapted to the new firewall and the new fail2ban.
Looking at firewallcmd-ipset.conf, it seems it also expects the variables port and name. So maybe it is as easy as replacing iptables-multiport by firewallcmd-ipset.
Thoughts?
Thanks in advance,
You don't need to change anything. On CentOS 7, the default configuration will already include a configuration bit to set the fail2ban banaction to firewallcmd-ipset. This is in the fail2ban-firewalld package, which should automatically be installed.
You only need to make sure that you did not override the banaction somewhere else in your configuration.
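
One way to run the check described in the answer, as an added example that is not part of the original answer: the script reads the jail files in fail2ban's documented load order and lists every section whose banaction ends up different from firewallcmd-ipset. The sample tree, including the file name 00-firewalld.conf and all file contents, is constructed for the demo.

```python
import configparser, glob, os, tempfile

def load_order(root):
    # fail2ban reads jail.conf, jail.d/*.conf, jail.local, jail.d/*.local; later files win
    j = lambda *p: os.path.join(root, *p)
    return ([j("jail.conf")] + sorted(glob.glob(j("jail.d", "*.conf")))
            + [j("jail.local")] + sorted(glob.glob(j("jail.d", "*.local"))))

def effective_banactions(root):
    """Map section name -> (banaction, file that set it last)."""
    seen = {}
    for path in load_order(root):
        if not os.path.isfile(path):
            continue
        # default_section is renamed so [DEFAULT] is read as an ordinary section
        cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
        cp.read(path)
        for section in cp.sections():
            if cp.has_option(section, "banaction"):
                seen[section] = (cp.get(section, "banaction"), path)
    return seen

def overrides(root, expected="firewallcmd-ipset"):
    """Return [(section, value, file)] where banaction differs from expected."""
    return sorted((s, v, os.path.basename(f))
                  for s, (v, f) in effective_banactions(root).items() if v != expected)

# Constructed sample tree (file names and contents are made up for the demo)
SAMPLE = {
    "jail.conf": "[DEFAULT]\nbanaction = iptables-multiport\n[nginx-http-auth]\nenabled = false\n",
    "jail.d/00-firewalld.conf": "[DEFAULT]\nbanaction = firewallcmd-ipset\n",
    "jail.local": "[nginx-http-auth]\nenabled = true\nbanaction = iptables-multiport\n",
}

def build_sample(root):
    os.makedirs(os.path.join(root, "jail.d"), exist_ok=True)
    for name, text in SAMPLE.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    root = build_sample(tempfile.mkdtemp())   # point at /etc/fail2ban on a real host
    for section, value, src in overrides(root):
        print(f"[{section}] banaction = {value}  (set in {src})")
```

A jail that sets no banaction of its own inherits the [DEFAULT] value, so an empty result means every jail resolves to firewallcmd-ipset.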