Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2019-07-19 14:18:20 ERROR: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: Set fail2ban-ssh doesn't exist.
- Error occurred at line: 2
- Try `iptables-restore -h' or 'iptables-restore --help' for more information.
- firewalld[703]: WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed: iptables-restore v1.4.21: Set fail2ban-sshd doesn't exist.
- Error occurred at line: 2
- Try 'iptables-restore -h' or 'iptables-restore --help' for more information.
- firewalld[703]: ERROR: COMMAND_FAILED
- [DEFAULT]
- ignoreip = 127.0.0.0/8
- bantime = 86400
- findtime = 86400
- maxretry = 5
- # Override /etc/fail2ban/jail.d/00-firewalld.conf:
- banaction = firewallcmd-ipset
- [sshd]
- enabled = true
- [ssh]
- enabled = true
- filter = sshd
- action = %(action_)s
- logpath = /var/log/secure
- maxretry = 5
- sudo yum install firewalld
- sudo systemctl start firewalld
- sudo firewall-cmd --permanent --add-service=ssh
- sudo firewall-cmd --permanent --add-service=http
- sudo firewall-cmd --permanent --add-service=https
- sudo firewall-cmd --permanent --remove-service=smtp
- sudo systemctl enable firewalld
- # firewall-cmd --direct --get-all-rules
- ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable
- ipv4 filter INPUT 0 -p tcp -m multiport --dports 0:65535 -m set --match-set fail2ban-ssh src -j REJECT --reject-with icmp-port-unreachable
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
