Configuring Fail2ban to work with firewalld
This document (000021067) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server for SAP Applications 15 SP4
# Do all your modifications to the jail's configuration in jail.local! [DEFAULT] banaction = firewallcmd-rich-rules[actiontype=<multiport>] banaction_allports = firewallcmd-rich-rules[actiontype=<allports>] [sshd] enabled = true
2) Restart Fail2ban service:
systemctl restart fail2ban.service
When Fail2ban blocks an IP it will also add a related rich rule to firewalld.
To verify all the firewalld rich rules:
Fail2ban deletes the rich rules from firewalld when Fail2ban service is stopped or the jail (in this case the [sshd] jail) is stopped (fail2ban-client stop sshd).
jail.conf man page: https://manpages.opensuse.org/Tumbleweed/fail2ban/jail.conf.5.en.html
Firewalld : https://firewalld.org/
Firewalld runtime vs permanent: https://firewalld.org/documentation/configuration/runtime-versus-permanent.html
Please note: Fail2ban package is supported only on SLES 15 SP4 and later versions. In previous releases of SLES Fail2ban is provided only through SUSE Package Hub. While the packages from the SUSE Package Hub are not officially supported by SUSE, SUSE Linux Enterprise Server remains supported and supportable when using these packages.
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021067
- Creation Date: 12-May-2023
- Modified Date:16-May-2023
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com