puppet-fail2ban

Still defaults to iptables instead of netfilter on distros that are using the latter

Open bigon opened this issue 1 month ago • 2 comments

Hello,

The module is still defaulting to iptables even on distributions (like Debian) that are now using netfilter by default.

On Debian 13, the following banaction and banaction_allports are set in the default configuration of the package but are reverted by Puppet:

banaction = nftables
banaction_allports = nftables[type=allports]

Probably the same for other distributions.

bigon, Oct 21 '25 10:10

Note that the values are set by a snippet (/etc/fail2ban/jail.d/defaults-debian.conf) installed on the filesystem and not the main configuration files.

bigon, Oct 21 '25 10:10

@bigon are you interested in providing a PR that switches to nftables?

bastelfreak, Oct 21 '25 11:10
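A way to check which file decides the ban action on a host, given as an added example that is not part of the thread or of the module's code. It applies fail2ban's documented read order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) to constructed file contents; that the Puppet-managed settings land in jail.local is an assumption made only for the sample.

```python
import configparser

def read_order(paths):
    """Order paths as fail2ban layers them: jail.conf, jail.d/*.conf,
    jail.local, jail.d/*.local (alphabetical within jail.d)."""
    return sorted(paths, key=lambda p: (p.endswith(".local"), "/jail.d/" in p, p))

def effective(files, key):
    """Return (value, source_path) for a [DEFAULT] key; the last file read wins."""
    value, source = None, None
    for path in read_order(files):
        cp = configparser.RawConfigParser()  # raw: no %(...)s interpolation
        cp.read_string(files[path], source=path)
        if key in cp.defaults():
            value, source = cp.defaults()[key], path
    return value, source

def non_nftables(files, keys=("banaction", "banaction_allports")):
    """List (key, value, source) for ban actions that do not resolve to nftables."""
    out = []
    for key in keys:
        value, source = effective(files, key)
        if value is not None and not value.startswith("nftables"):
            out.append((key, value, source))
    return out

# Constructed sample input. The snippet path and its two values are the ones
# quoted in the issue; the second file and its contents are hypothetical.
DEBIAN_SNIPPET = "/etc/fail2ban/jail.d/defaults-debian.conf"
MANAGED = "/etc/fail2ban/jail.local"  # assumption: file written by config management
FILES = {
    DEBIAN_SNIPPET: "[DEFAULT]\n"
                    "banaction = nftables\n"
                    "banaction_allports = nftables[type=allports]\n",
    MANAGED: "[DEFAULT]\n"
             "banaction = iptables-multiport\n"
             "banaction_allports = iptables-allports\n",
}

if __name__ == "__main__":
    for key, value, source in non_nftables(FILES):
        print(f"{key} = {value} (set by {source})")
```

On a real host, replace `FILES` with the contents of the files under /etc/fail2ban; an empty result means both ban actions resolve to nftables.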