fail2ban, Debian buster/10 and iptables vs nftables

Buster's iptables command is, by default, the nftables-backed variant (iptables-nft), so the move to nftables happens underneath you. Unfortunately fail2ban still thinks it is driving plain iptables, and on my box nothing got blocked. The workaround that ended up working is below.

(fail2ban in Buster also seems to require systemd, and no longer reads from e.g. /var/log/mail.log, which is a bit disappointing, but oh well…)

After messing about trying to get nftables working (simply loading the default /etc/nftables.conf produced an error a bit like the one below, which is nft passing on the kernel's "No such file or directory" when creating the input base chain failed):

/etc/nftables.conf:6:15-19: Error: Could not process rule: No such file or directory
chain input {

I gave up, and found the Debian Wiki page on nftables (https://wiki.debian.org/nftables), which gives the following to switch the iptables tools back to the legacy backend:

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy

Which now allows fail2ban to actually block things (the bans show up in /var/log/fail2ban.log, and the f2b-* chains appear in iptables -S). One caveat: rules inserted through iptables-nft live in nf_tables and are invisible to iptables-legacy, and vice versa, so restart fail2ban after switching so that it rebuilds its chains on the backend now in use.
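A check I would run after the switch, as an added example that is not from this post or from fail2ban itself: it tells from iptables -V which backend the iptables binary is using, and counts fail2ban's chains and active bans in iptables -S. It assumes fail2ban's stock iptables-multiport action (chains named f2b-<jail>) and the "(legacy)" / "(nf_tables)" tag that the iptables 1.8 tools in Buster print in their version string; the sample output embedded in the script is constructed, and the functions can be pointed at the real output on a live host.

```shell
#!/bin/sh
# Added example, not part of the original post: tell which iptables backend is
# active from the output of `iptables -V`, and check whether fail2ban actually
# installed its chains and ban rules, using the listing from `iptables -S`.
# The checks take command output as text, so they are exercised here on
# constructed samples; run with --live (as root) on a real host to use the
# real output.

# "iptables v1.8.2 (nf_tables)" -> nft, "iptables v1.8.2 (legacy)" -> legacy.
iptables_backend() {
    case "$1" in
        *'(nf_tables)'*) echo nft ;;
        *'(legacy)'*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Number of fail2ban chains (f2b-<jail>) declared in `iptables -S` output.
f2b_chain_count() {
    printf '%s\n' "$1" | grep -c '^-N f2b-' || true
}

# Number of active bans: REJECT/DROP rules with a source address inside an
# f2b- chain (the shape fail2ban's stock iptables-multiport action produces).
f2b_ban_count() {
    printf '%s\n' "$1" | grep -Ec '^-A f2b-[^ ]+ -s [0-9a-fA-F.:/]+ -j (REJECT|DROP)' || true
}

# Constructed sample output from a buster host after the update-alternatives
# switch, with one address banned by the sshd jail.
SAMPLE_VERSION='iptables v1.8.2 (legacy)'
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.5/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# On a real host: report the backend in use and whether fail2ban populated it.
# Rules inserted through iptables-nft live in nf_tables and are invisible to
# iptables-legacy (and the other way round), so after switching the
# alternative, look at the other side before concluding nothing is banned.
live_check() {
    backend=$(iptables_backend "$(iptables -V 2>/dev/null)")
    rules=$(iptables -S 2>/dev/null)
    echo "iptables backend: $backend"
    echo "fail2ban chains:  $(f2b_chain_count "$rules")"
    echo "active bans:      $(f2b_ban_count "$rules")"
    if [ "$backend" = legacy ] && command -v nft >/dev/null 2>&1 \
       && nft list ruleset 2>/dev/null | grep -q 'f2b-'; then
        echo "warning: f2b- chains also present in nf_tables; restart fail2ban so it rebuilds them via legacy iptables"
    fi
}

if [ "${1:-}" = --live ]; then
    live_check
else
    echo "backend (sample):     $(iptables_backend "$SAMPLE_VERSION")"
    echo "f2b chains (sample):  $(f2b_chain_count "$SAMPLE_RULES")"
    echo "active bans (sample): $(f2b_ban_count "$SAMPLE_RULES")"
fi
```

Without --live the script only exercises the constructed sample. With --live it reads the real iptables output; a "legacy" backend with zero f2b- chains after a ban has been logged means fail2ban is still talking to the other backend, and the warning branch catches the leftover case where chains created through iptables-nft before the switch are still sitting in nf_tables where iptables-legacy cannot see or remove them (nft list ruleset shows that side).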



Comments

3 responses to “fail2ban, Debian buster/10 and iptables vs nftables”

  1. […] yet again, seems a case of replacing nft/nftables stuff with the legacy iptables counterparts […]

  2. Emmanuel ANDRE

    Hi,
    did you take a look at https://wiki.meurisse.org/wiki/Fail2Ban ?
    I’m currently thinking of using fail2ban on Debian buster, and I would like to use the new nftables framework, so I’m looking for good articles before doing it.
    Regards.

  3. David Goodwin

    Thanks – no I hadn’t seen that page before.

    I’ve been finding that fail2ban is of less use over time – as more and more attacks are becoming properly distributed.
