Fail2ban configuration for nginx using firewallcmd in CentOS 7

nginx fail2ban centos7 firewalld

Previously I have a CentOS 6.5 with Iptables and I configure some jails for nginx as suggested here: How To use fail2ban for Nginx?.

But now I am in CentOS 7, trying to use the new firewall and latest fail2ban as well. I know there is a new firewallcmd-ipset.conf. But I wonder how the code of the above link should be adapted to the new firewall and the new fail2ban.

Watching firewallcmd-ipset.conf it seems it also expects the variables port and name. So maybe it is as easy as replacing iptables-multiport by firewallcmd-ipset.

Thoughts?

Thanks in advance,


You don't need to change anything. On CentOS 7, the default configuration will already include a configuration bit to set the fail2ban banaction to firewallcmd-ipset. This is in the fail2ban-firewalld package, which should automatically be installed.

You only need to make sure that you did not override the banaction somewhere else in your configuration.

Related

Unable reset settings in .bashrc without stopping updates
Force apache start after mysql
Avoid user lookup in active directory trusted domains from samba
How does a NetBoot server advertise itself?
sudo -u fails with env: -u: No such file or directory
dpkg: error processing linux-image-amd64
SNMP over the internet
Determine which process owns an flock'ed file
Mount --bind versus symlinks
MySQL stopped working - Error 2002 - Unknown Instance
Sophos access a webserver from the web
OpenVPN - Client traffic is not entirely routed through VPN