Score:2

Fail2ban ipset - which conf to use?


I have read that iptables can be slow in the case of a large number of IP addresses and that ipset is preferred in that scenario. I would like to use an ipset banaction, but there are at least 3 of them (iptables-ipset-proto4.conf, iptables-ipset-proto6.conf, iptables-ipset-proto6-allports.conf), so which one should I use?

OS: Ubuntu server 20.04
Webserver: Nginx
Fail2ban: 0.11.1
Ipset: 7.5

Score:2

Those actions are:

  • iptables-ipset-proto6 - multi-port action (can ban an IP for a single port or multiple ports)
  • iptables-ipset-proto6-allports - allports action (banning an IP for all ports)
  • iptables-ipset-proto4 - old action for ipset before v6.14

To use them in a way compatible with the iptables actions' behaviour, you can set them in your jail.local in the default section (overwriting the defaults of jail.conf) like here:

[DEFAULT]
banaction = iptables-ipset-proto6
banaction_allports = iptables-ipset-proto6-allports
Planplan
There's a small mistake in the jail.local example, you missed an S. It should be "banaction = iptables-ipset-proto6". But thanks for the comment, very useful to me!
mangohost
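As an added example (not code from the question, the answer, or the fail2ban project), here is a POSIX shell check that reads the banaction and banaction_allports values from a jail.local and confirms that a matching action file exists under action.d, which is exactly what catches the missing "s" pointed out in the comment. The /etc/fail2ban paths are the Ubuntu 20.04 defaults; the demo builds a constructed copy of the answer's jail.local in a temporary directory so it runs without fail2ban installed.

```shell
#!/bin/sh
# check_banactions JAIL_LOCAL ACTION_DIR
# Verifies that every banaction / banaction_allports value in JAIL_LOCAL has
# a corresponding ACTION_DIR/<name>.conf. Returns the number of missing ones
# (0 = all good). A trailing "[opt=val]" on the action name is ignored.
check_banactions() {
    jail="${1:-/etc/fail2ban/jail.local}"
    actiondir="${2:-/etc/fail2ban/action.d}"
    missing=0
    # Pull the right-hand side of "banaction = X" and "banaction_allports = X",
    # then strip any "[...]" action parameters so "X[chain=INPUT]" resolves to X.
    for act in $(sed -n 's/^[[:space:]]*banaction\(_allports\)\{0,1\}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\2/p' "$jail" | sed 's/\[.*//'); do
        if [ -f "$actiondir/$act.conf" ]; then
            echo "ok: $act -> $actiondir/$act.conf"
        else
            echo "MISSING: $act (no $actiondir/$act.conf)" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Demo with constructed files: stand-ins for the three ipset action files
# shipped with fail2ban 0.11, plus the answer's jail.local with the typo.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/action.d"
    for a in iptables-ipset-proto6 iptables-ipset-proto6-allports iptables-ipset-proto4; do
        : > "$tmp/action.d/$a.conf"
    done
    printf '[DEFAULT]\nbanaction = iptable-ipset-proto6\nbanaction_allports = iptables-ipset-proto6-allports\n' > "$tmp/jail.local"
    check_banactions "$tmp/jail.local" "$tmp/action.d" || echo "typo detected: fail2ban would fail to load this banaction"
    rm -rf "$tmp"
}

demo
```

After editing a real jail.local, run the function against /etc/fail2ban and then `fail2ban-client -t` before restarting, so a misnamed action is caught before any jail stops banning.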
