Use of firewall and fail2ban plugin

  • Hello,


    I've noticed several issues with using the OMV "firewall":


    - If entering manual "firewall" rules in the firewall section, it will delete rules inserted by the fail2ban plugin, which will defeat fail2ban completely.


    - One cannot restore them manually, as the "firewall" module doesn't accept a target being another chain. Only "ACCEPT", "DROP" and "REJECT" are accepted, which is far too little.


    - When entering iptables rules, the interface happily accepts them and lists them; however, once applied, a console "iptables -vL" shows that some rules that the interface happily accepted were not applied at all, and are just missing without any error notice.


    - How would I be supposed to enter such a rule in INPUT:


    Code
    iptables -A INPUT -p tcp --dport 113 -j REJECT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


    These are the kind of rules that I seem unable to enter...


    TIA, kind regards.

    • Official post

    The intention of the current UI is not to create rules with all available features, instead it should allow the user to create some easy rules quickly.


    But we are happy about every contribution, maybe you can enhance the UI and backend in a usable and understandable way for novices which reflects all iptables features.


    Power users should use the Debian ifupdown framework to apply their rules.

  • I knew I answered part of your question. It would take some time to investigate fail2ban's interaction with OMV's firewall. The guy that worked on fail2ban is pr_bond. That is what his user shows on github and I think it is the same in forums. I would try to pm him.


    @pr_bond

  • Hi all,


    Quote

    - If entering manual "firewall" rules in the firewall section, it will delete rules inserted by the fail2ban plugin, which will defeat fail2ban completely.


    After entering manual "firewall" rules you NEED to restart the fail2ban service.
    Fail2ban adds its own rules at startup; that is the normal way.
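
An added example, not part of any post above and not OMV or fail2ban code: a check for the failure discussed in this thread, where a firewall reload leaves fail2ban's chains unreachable until the service is restarted. It assumes fail2ban's default chain naming (`f2b-<jail>`, or `fail2ban-<jail>` on older releases); the function name and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OMV or fail2ban code. Assumption: fail2ban chains are
# named "f2b-<jail>" (current releases) or "fail2ban-<jail>" (older ones).

# Reads `iptables -S` output on stdin and prints every fail2ban chain that no
# rule in another chain jumps to. Extra arguments name chains that must be
# referenced even if the reload removed the chain itself.
f2b_unreferenced_chains() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        $1 == "-N" && $2 ~ /^(f2b|fail2ban)-/ { want[$2] = 1 }
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $2 != $(i + 1)) jumped[$(i + 1)] = 1
        }
        END { for (c in want) if (!(c in jumped)) print c }
    ' | sort
}

# Constructed sample: ruleset after a firewall reload dropped the INPUT jump.
SAMPLE_AFTER_RELOAD='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# Constructed sample: the same ruleset once fail2ban has been restarted.
SAMPLE_HEALTHY="$SAMPLE_AFTER_RELOAD
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd"

printf 'after reload: %s\n' "$(printf '%s\n' "$SAMPLE_AFTER_RELOAD" | f2b_unreferenced_chains)"
printf 'after restart: %s\n' "$(printf '%s\n' "$SAMPLE_HEALTHY" | f2b_unreferenced_chains)"

# On a live host (as root): iptables -S | f2b_unreferenced_chains
# Any chain printed means bans are not enforced until fail2ban is restarted.
```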
