How to log fail2ban packets in nftables

Nobody-Knows-I-am-a-Dog

5/24/23, 9:43 PM

I use fail2ban with an ssh jail.

In my nftables directory I have a configuration file

#!/usr/sbin/nft -f

table ip fail2ban {
    chain input {
        type filter hook input priority 100;
       log prefix "nft.fail2ban";
    }
}

which i include from nftables.conf. The log prefix gets redirected in rsyslogd.conf to a separate file.

The jail seems to work (as far as I can tell from fail2ban.log). However in the log of nftables I see every single packet i send to the machine. So probably there is something wrong with the way i couple fail2ban to nftables. I am following the setup from https://wiki.meurisse.org/wiki/Fail2Ban where i simply added the log to the /etc/nftables/fail2ban.conf.

What I want is a log entry for every fail2ban blocked packed. How would I do that?

0 + 0

fail2ban

nftables

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to log fail2ban packets in nftables

TH: วิธีบันทึกแพ็กเก็ตที่ล้มเหลวใน nftables

RO: Cum să înregistrați pachetele fail2ban în nftables

RU: Как регистрировать пакеты fail2ban в nftables

VI: Cách đăng nhập các gói fail2ban trong nftables

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.