I've been using shorewall and fail2ban for a while now, but nftables is
soon replacing iptables, so it's time to consider some options.
Apparently fail2ban already supports nftables, but shorewall doesn't and
wont -
https://shorewall-users.narkive.com/aujuSpJ1/nftables-on-the-roadmap
My main problem with fail2ban is that it fails to ban. Or rather it does
ban, for that one rule I wrote myself, but not for any of the built in
rules, but then it releases the ban, even though I have told shorewall to
ban that particular IP. So the IP ends up being unbanned, coz fail2ban
says so.
Yes, I'm aware you can configure fail2ban to shift from temporary to
permanent bans for persistent rule breakers. Would be good if the built
in rules actually worked.
Right now there's a particular IP hitting that one rule, and no matter
what I do, even completely zapping fail2ban's database and leaving it
turned off, that IP keeps bypassing my firewall somehow.
So I'll eventually need a replacement for shorewall anyway, and I'd like
something similar to fail2ban that doesn't fail to ban. So the two
replacements have to get along with each other. None of this "bad IP can
get through coz the two fight over it" bullshit.
This has to run on my servers and desktop, so no GUI. I'm an experienced
sysadmin, text config is good.
Any suggestions?
--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.