fail2ban with nftables in CentOS 8

CentOS 8 uses nftables as its packet-filtering framework: firewalld runs on the nftables backend, and the iptables command that is still installed is the nft-based compatibility layer (iptables-nft), not the legacy iptables.

Installing fail2ban on CentOS 8 does not change this on the fail2ban side: as of fail2ban-0.11.1-10.el8 in the EPEL repository, banaction is still set to iptables-multiport, so bans go through the iptables compatibility layer instead of into a native nftables table that you can inspect and manage with nft.

To make fail2ban use nftables, set banaction in the [DEFAULT] section of /etc/fail2ban/jail.local so it applies to every jail (jail.local is read after jail.conf and jail.d/*.conf, so it overrides whatever default the package, or the fail2ban-firewalld subpackage if installed, put there), then restart the fail2ban service:

[DEFAULT]
banaction = nftables

When a jail's action starts, fail2ban creates the table inet f2b-table:

# nft list tables
...
table inet f2b-table

To list the table's current rules (the example below shows two banned IPs). The chain hooks input at priority filter - 1, so it is evaluated before chains at the default filter priority such as firewalld's; a source address present in the per-jail set is rejected, which is the nftables action's default blocktype:

# nft list table inet f2b-table
table inet f2b-table {
        set addr-set-sshd {
                type ipv4_addr
                elements = { 45.14.224.43, 68.183.205.103 }
        }

        chain INPUT {
                type filter hook input priority filter - 1; policy accept;
                tcp dport { 22 } ip saddr @addr-set-sshd reject
        }
}
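The following script is an added example and is not part of the original page or of fail2ban's own tooling. It ties the two steps above together: it prints the jail.local [DEFAULT] fragment (also setting banaction_allports, which the single banaction line leaves at its iptables-allports default), and it checks that a ban really lands in nftables by banning a throwaway address through fail2ban-client and parsing nft list table inet f2b-table output of the shape shown above. Assumptions that are not from the page: an enabled sshd jail (so the set is named addr-set-sshd, as in the listing), fail2ban 0.11 from EPEL, root privileges, and the documentation address 198.51.100.7 (TEST-NET-2) as the ban target.

```shell
#!/bin/sh
# Added example, not from the original page: switch fail2ban to nftables and verify
# that bans appear in table inet f2b-table. Assumptions: jail "sshd", fail2ban 0.11
# (EPEL), root, and 198.51.100.7 (TEST-NET-2, never routable) as the test address.
set -eu

F2B_JAIL="${F2B_JAIL:-sshd}"
F2B_TEST_IP="${F2B_TEST_IP:-198.51.100.7}"
F2B_LOCAL="${F2B_LOCAL:-/etc/fail2ban/jail.local}"

# jail.local fragment. banaction_allports is set too: its upstream default is
# iptables-allports, which the banaction line alone does not change.
f2b_jail_local_fragment() {
    cat <<'EOF'
[DEFAULT]
banaction = nftables
banaction_allports = nftables[type=allports]

[sshd]
enabled = true
EOF
}

# Print the member addresses of one fail2ban set from `nft list table inet f2b-table`
# output read on stdin. fail2ban names the IPv4 set addr-set-<jail>. Handles the
# multi-line form nft uses for large sets and drops per-element "timeout ..." suffixes.
f2b_set_members() {
    awk -v want="$1" '
        $1 == "set" && $2 == want  { inset = 1; next }
        inset && $1 == "}"         { exit }           # closing brace of this set
        inset && /elements = [{]/  { collecting = 1 }
        collecting {
            line = $0
            if (!hdr_seen) { sub(/.*elements = [{]/, "", line); hdr_seen = 1 }
            if (index(line, "}")) { sub(/[}].*/, "", line); collecting = 0 }
            n = split(line, parts, ",")
            for (i = 1; i <= n; i++)
                if (split(parts[i], tok) > 0) print tok[1]   # first token = address
        }'
}

# Live check: ban the test address, confirm it is in the nftables set (not only in
# fail2ban's own database), then unban it. Returns 0 on success, 1 on failure.
f2b_verify_live() {
    jail="$1"; ip="$2"
    fail2ban-client set "$jail" banip "$ip" >/dev/null
    if nft list table inet f2b-table | f2b_set_members "addr-set-$jail" | grep -qx "$ip"; then
        echo "ok: $ip is in nftables set addr-set-$jail"
        rc=0
    else
        echo "FAIL: fail2ban banned $ip but it is not in nftables set addr-set-$jail" >&2
        rc=1
    fi
    fail2ban-client set "$jail" unbanip "$ip" >/dev/null
    return "$rc"
}

# Usage:  sh f2b-nft-check.sh apply    write jail.local (refuses to clobber one) and restart
#         sh f2b-nft-check.sh verify   ban/unban the test address and check the set
case "${1:-}" in
    apply)
        if [ -e "$F2B_LOCAL" ]; then
            echo "$F2B_LOCAL exists; merge this into its [DEFAULT] section by hand:" >&2
            f2b_jail_local_fragment >&2
            exit 1
        fi
        f2b_jail_local_fragment > "$F2B_LOCAL"
        systemctl restart fail2ban
        ;;
    verify)
        f2b_verify_live "$F2B_JAIL" "$F2B_TEST_IP"
        ;;
esac
```

The parser works on captured text rather than calling nft directly so that it can be used against a saved listing, and the verify step goes through fail2ban-client rather than nft add element so that it exercises the same action path a real ban takes.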
updated 2020-10-17