#71 Unnecessary dependence on iptables

v1.0 (example)
open
nobody
None
5
2015-05-16
2015-05-16
No

fail2ban is a daemon which analyses/filters a log and then takes an action. There is no reason for making those actions dependent on iptables.
I started fail2ban with systemd with no firewall rules. Then I provided some rules. I wondered why no triggered action got performed. I restarted fail2ban and everything worked all right. On the other hand, fail2ban works fine when started with a configured firewall in place. This behaviour is a buggy design. Fail2ban actions should depend on log files only, not on rules and chains of iptables. Maybe there is an argument I am missing, since I use fail2ban not only for banning annoying IPs but also for arbitrary actions on a server.
