Buster forces a move to nftables; unfortunately fail2ban thinks it's still using iptables, so nothing gets blocked. To fix it …
(fail2ban in Buster also seems to require systemd – and no longer reads from e.g. /var/log/mail.log, which is a bit disappointing but oh well…)
After messing about trying to get nftables working – where trying to use the default /etc/nftables.conf file just results in an error a bit like:
/etc/nftables.conf:6:15-19: Error: Could not process rule: No such file or directory
chain input {
I gave up and found the Debian Wiki page, which gives:
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
Which now allows fail2ban to actually block things (see /var/log/fail2ban.log etc.).
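A small verification script, added here as an example (it is not from the original post or from the fail2ban or Debian projects): after the update-alternatives switch, it is worth confirming both which backend the iptables command now resolves to and which backend actually holds fail2ban's f2b-* chains, because fail2ban.log reporting a ban is not the same as the kernel dropping the traffic. The sample rule listings below are constructed, the "effective" criterion (fail2ban chains present, with at least one REJECT/DROP rule, in the backend that iptables resolves to) is this example's own assumption, and the F2B_CHECK_LIVE switch is a hypothetical name used only to gate the live commands.

```shell
#!/bin/sh
# Added example, not part of the original post. Helpers to check that
# fail2ban's bans are actually landing in the packet filter on a Debian
# Buster host after the update-alternatives switch to iptables-legacy.
#
# Two checks:
#  1. which backend the `iptables` command resolves to
#     (`iptables -V` on Buster prints "... (nf_tables)" or "... (legacy)");
#  2. which backend holds fail2ban's f2b-* chains and ban rules
#     (compare `iptables-legacy -S` with `iptables-nft -S`).

# Classify one line of `iptables -V` output: legacy, nf_tables or unknown.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Count fail2ban chains (f2b-<jail>) in `iptables -S` output read from stdin.
count_f2b_chains() {
    grep -c '^-N f2b-' || true
}

# Count actual ban rules (REJECT/DROP inside an f2b-* chain) read from stdin.
count_f2b_bans() {
    grep -cE '^-A f2b-.* -j (REJECT|DROP)' || true
}

# Decide whether bans are effective under this example's assumption:
# $1 = backend `iptables` resolves to, $2 = ban rules found in the legacy
# listing, $3 = ban rules found in the nft listing. Exit 0 when the ban
# rules live in the backend fail2ban is driving, 1 otherwise.
bans_effective() {
    backend=$1; legacy_bans=$2; nft_bans=$3
    case "$backend" in
        legacy)    [ "$legacy_bans" -gt 0 ] ;;
        nf_tables) [ "$nft_bans" -gt 0 ] ;;
        *)         return 1 ;;
    esac
}

# Constructed sample listings: legacy backend holding one sshd ban for a
# documentation address, nft backend holding only default policies.
SAMPLE_LEGACY='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'
SAMPLE_NFT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Live run, only when explicitly requested and the tools are present
# (F2B_CHECK_LIVE is a hypothetical switch for this example).
if [ "${F2B_CHECK_LIVE:-0}" = 1 ] && command -v iptables >/dev/null 2>&1; then
    backend=$(iptables_backend "$(iptables -V 2>/dev/null)")
    legacy=$(iptables-legacy -S 2>/dev/null | count_f2b_bans)
    nft=$(iptables-nft -S 2>/dev/null | count_f2b_bans)
    echo "iptables resolves to: $backend (legacy bans: $legacy, nft bans: $nft)"
    if bans_effective "$backend" "$legacy" "$nft"; then
        echo "OK: fail2ban ban rules are in the active backend"
    else
        echo "WARNING: no fail2ban ban rules found in the backend iptables uses"
    fi
fi
```

Run it with F2B_CHECK_LIVE=1 as root on the host; without that variable it only defines the helpers, which is how the constructed samples below are exercised.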
Hi,
did you take a look at https://wiki.meurisse.org/wiki/Fail2Ban ?
I’m currently thinking of using fail2ban on Debian buster and I would like to use the new framework nftables so I’m looking for good articles before doing it.
Regards.
Thanks – no I hadn’t seen that page before.
I’ve been finding that fail2ban is of less use over time – as more and more attacks are becoming properly distributed.