I want to run fail2ban on my mail server (TW) and I have been looking at various examples online. When I look at the default configuration files that get installed on TW I see a lot of differences. Some stuff I read online are already in the config on TW. Yet other stuff I can’t find, but I am not sure if it is needed. Some online config I found tell me I need to tell fail2ban I use firewalld, yet in the default configuration I see several mentions of firewallcmd-ipset.
Basically, I find it all very unclear as in how to do it right and what not to forget or do.
Is there some Suse manual / example for the fail2ban configuration on Suse? Every guide I find is very much different than the default config on Suse. I don’t feel this is ‘the way’ to enable such a tool on production mail servers without a decent explanation of what’s going on in that config.
I use fail2ban on Leap and never had any issues. Can’t remember how I set it up but essentially I just edited jail.local in accordance the general documentation and it all just worked for me. When my system upgraded from SUSE firewall to Firewald it was seamless and similarly with the move from iptables to nftables so most of the background stuff should be sorted. Just use jail.local to enable the jails you want and the various parameters, either globally on on a per jail basis, in the sections which are quit well commented from memory.
I wish I could be more helpful I am on a boat now for two weeks and have very limited internet or access to my configured server. When I am back I will be happy to help. If you can tell us exactly what you are trying to do we can probably be more helpful.
“When my system upgraded from SUSE firewall to Firewald it was seamless and similarly with the move from iptables to nftables so most of the background stuff should be sorted.”
Okay this is what I wanted to hear. I don’t really have a test system here with lots of incoming traffic to test on.
I’ll just go ahead and enable it. Thanks for your reply and enjoy your float