diff --git a/README.md b/README.md index c394695..cd75b97 100644 --- a/README.md +++ b/README.md @@ -901,9 +901,9 @@ journalctl -u fail2ban-ui.service -f **Symptoms:** Fail2Ban fails to ban IPs with errors like: - `Extension multiport revision 0 not supported, missing kernel module?` - `iptables v1.8.11 (nf_tables): RULE_INSERT failed (No such file or directory)` -- `Error starting action Jail('jail-name')/iptables-multiport: 'Script error'` +- `Error starting action Jail('jail-name')/nftables-multiport: 'Script error'` -**Cause:** Modern Linux distributions (Rocky Linux 9+, RHEL 9+, Fedora 36+, Debian 12+) use **nftables** as the default firewall backend instead of legacy iptables. When Fail2Ban is configured to use `iptables-multiport` or `iptables-allports`, it attempts to use legacy iptables modules that are not available in nftables-based systems. +**Cause:** Modern Linux distributions (Rocky Linux 9+, RHEL 9+, Fedora 36+, Debian 12+) use **nftables** as the default firewall backend instead of legacy iptables. When Fail2Ban is configured to use `nftables-multiport` or `nftables-allports`, it attempts to use legacy iptables modules that are not available in nftables-based systems. **Solution:** @@ -915,7 +915,7 @@ journalctl -u fail2ban-ui.service -f 2. **For systems using firewalld (Rocky Linux / Red Hat):** - If your system uses `firewalld` as the firewall management tool, you can use: - - **Banaction**: `firewallcmd-multiport` + - **Banaction**: `firewallcmd-rich-rules` - **Banaction Allports**: `firewallcmd-allports` - Alternatively, you can still use `nftables-multiport` if firewalld is configured to use nftables backend (which is the default in RHEL 9+) 
@@ -931,7 +931,7 @@ journalctl -u fail2ban-ui.service -f **Note:** The Fail2Ban UI provides all common banaction options in the Settings dropdown, including: - `nftables-multiport` / `nftables-allports` (for nftables-based systems) -- `firewallcmd-multiport` / `firewallcmd-allports` (for firewalld-based systems) +- `firewallcmd-rich-rules` / `firewallcmd-allports` (for firewalld-based systems) - `iptables-multiport` / `iptables-allports` (for legacy iptables systems) After changing the banaction, Fail2Ban will automatically reload and apply the new configuration. diff --git a/deployment/container/README.md b/deployment/container/README.md index 695142a..2263408 100644 --- a/deployment/container/README.md +++ b/deployment/container/README.md @@ -383,7 +383,7 @@ Modern Linux distributions (Rocky Linux 9+, RHEL 9+, Fedora 36+, Debian 12+) use For systems using `firewalld` as the firewall management tool (common on Rocky Linux and Red Hat Enterprise Linux), you can use: -- **Banaction**: `firewallcmd-multiport` +- **Banaction**: `firewallcmd-rich-rules` - **Banaction Allports**: `firewallcmd-allports` Alternatively, if firewalld is configured to use the nftables backend (default in RHEL 9+), you can use `nftables-multiport` / `nftables-allports` as described above. diff --git a/internal/config/settings.go b/internal/config/settings.go index e2e4f01..c2d4d77 100644 --- a/internal/config/settings.go +++ b/internal/config/settings.go @@ -192,13 +192,7 @@ func JailLocalBanner() string { return jailLocalBanner } -const fail2banActionTemplate = `[INCLUDES] - -before = sendmail-common.conf - mail-whois-common.conf - helpers-common.conf - -[Definition] +const fail2banActionTemplate = `[Definition] # Bypass ban/unban for restored tickets norestored = 1 
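Review bot: Removing the whole `[INCLUDES]` block from `fail2banActionTemplate` also drops `helpers-common.conf`, while the template still sets `grepmax` and `grepopts` (visible as context in the next hunk). In stock Fail2Ban those options are consumed by `_grep_logs` and `greplimit`, which `helpers-common.conf` defines; if `actionban` in the part of the template outside this hunk still uses `%(_grep_logs)s` or `<greplimit>`, they would no longer resolve and the action would fail to load. I would keep `before = helpers-common.conf` unless the rest of the template no longer needs those helpers, and add a comment such as `# helpers-common.conf provides _grep_logs/greplimit used by actionban`. The template literal continues past the end of the hunk, so this needs checking against the full constant.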
@@ -237,7 +231,7 @@ name = default # Path to log files containing relevant lines for the abuser IP logpath = /dev/null -# Number of log lines to include in the email +# Number of log lines to include in the callback grepmax = 200 grepopts = -m ` @@ -664,10 +658,10 @@ func setDefaultsLocked() { currentSettings.IgnoreIPs = []string{"127.0.0.1/8", "::1"} } if currentSettings.Banaction == "" { - currentSettings.Banaction = "iptables-multiport" + currentSettings.Banaction = "nftables-multiport" } if currentSettings.BanactionAllports == "" { - currentSettings.BanactionAllports = "iptables-allports" + currentSettings.BanactionAllports = "nftables-allports" } if currentSettings.GeoIPProvider == "" { currentSettings.GeoIPProvider = "builtin" @@ -736,11 +730,8 @@ func initializeFromJailFile() error { if val, ok := settings["banaction_allports"]; ok { currentSettings.BanactionAllports = val } - if val, ok := settings["destemail"]; ok { + /*if val, ok := settings["destemail"]; ok { currentSettings.Destemail = val - } - /*if val, ok := settings["sender"]; ok { - currentSettings.Sender = val }*/ return nil @@ -905,11 +896,11 @@ func ensureJailLocalStructure() error { // Set default banaction values if not set banaction := settings.Banaction if banaction == "" { - banaction = "iptables-multiport" + banaction = "nftables-multiport" } banactionAllports := settings.BanactionAllports if banactionAllports == "" { - banactionAllports = "iptables-allports" + banactionAllports = "nftables-allports" } defaultSection := fmt.Sprintf(`[DEFAULT] enabled = %t 
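Review bot: The new fallback `"nftables-multiport"` / `"nftables-allports"` in `setDefaultsLocked` is repeated as a string literal in `ensureJailLocalStructure` and `updateJailLocalDefaultSection` in this file, in both `UpdateDefaultSettings` connectors, in `EnsureJailLocalStructure`, in `UpdateDefaultSettingsLocal` and in `settings.js`, so every future change of default has to touch all of them. Declaring it once in the config package, e.g. `const DefaultBanaction = "nftables-multiport"` and `const DefaultBanactionAllports = "nftables-allports"`, and using those at the Go call sites would keep them in step. The change also alters behaviour for existing installs whose stored banaction is empty: on a host that only has legacy iptables the action would presumably fail to start and offending addresses would not be blocked, so an upgrade note or a startup warning when the configured backend is unavailable would help. The function bodies start and end outside the hunks.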
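Review bot: In `initializeFromJailFile` the `destemail` read is disabled by wrapping it in `/* … */` rather than being deleted, which leaves dead code behind in place of the `sender` block this same hunk removes. Since the commit stops writing `destemail` to jail.local everywhere else, I would delete the block outright. If `currentSettings.Destemail` is still meant to be imported from older files, keep the code active instead and mark it with `// legacy key: read for migration only, no longer written`. The function starts outside the hunk.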
@@ -918,18 +909,18 @@ ignoreip = %s bantime = %s findtime = %s maxretry = %d -destemail = %s banaction = %s banaction_allports = %s -`, settings.DefaultJailEnable, settings.BantimeIncrement, ignoreIPStr, settings.Bantime, settings.Findtime, settings.Maxretry, settings.Destemail, banaction, banactionAllports) +`, settings.DefaultJailEnable, settings.BantimeIncrement, ignoreIPStr, settings.Bantime, settings.Findtime, settings.Maxretry, banaction, banactionAllports) // Build action_mwlg configuration // Note: action_mwlg depends on action_ which depends on banaction (now defined above) // The multi-line format uses indentation for continuation - actionMwlgConfig := `# Custom Fail2Ban action using geo-filter for email alerts + // ui-custom-action only needs logpath and chain + actionMwlgConfig := `# Custom Fail2Ban action for UI callbacks action_mwlg = %(action_)s - ui-custom-action[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] + ui-custom-action[logpath="%(logpath)s", chain="%(chain)s"] ` @@ -973,11 +964,11 @@ func updateJailLocalDefaultSection(settings AppSettings) error { // Set default banaction values if not set banaction := settings.Banaction if banaction == "" { - banaction = "iptables-multiport" + banaction = "nftables-multiport" } banactionAllports := settings.BanactionAllports if banactionAllports == "" { - banactionAllports = "iptables-allports" + banactionAllports = "nftables-allports" } // Keys to update keysToUpdate := map[string]string{ @@ -987,7 +978,6 @@ func updateJailLocalDefaultSection(settings AppSettings) error { "bantime": fmt.Sprintf("bantime = %s", settings.Bantime), "findtime": fmt.Sprintf("findtime = %s", settings.Findtime), "maxretry": fmt.Sprintf("maxretry = %d", settings.Maxretry), - "destemail": fmt.Sprintf("destemail = %s", settings.Destemail), "banaction": fmt.Sprintf("banaction = %s", banaction), "banaction_allports": fmt.Sprintf("banaction_allports = %s", banactionAllports), } 
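Review bot: The `[DEFAULT]` section in `ensureJailLocalStructure` is still built by formatting `ignoreIPStr`, `settings.Bantime`, `settings.Findtime`, `banaction` and `banactionAllports` straight into jail.local with `%s`, and nothing in the hunk checks their content. If any of these can reach the settings store as free text rather than only through the UI dropdown, a value containing a line break would add extra keys or sections to the file Fail2Ban loads. I would reject such values before formatting, e.g. `if strings.ContainsAny(banaction, "\r\n") { return fmt.Errorf("banaction contains a line break") }`, and apply the same check to the other string fields. The same pattern appears in `keysToUpdate` in `updateJailLocalDefaultSection` (later hunk in this file) and in the SSH connector's `UpdateDefaultSettings` and `EnsureJailLocalStructure`; the function body starts outside the hunk.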
diff --git a/internal/fail2ban/connector_agent.go b/internal/fail2ban/connector_agent.go index fce66eb..38525ee 100644 --- a/internal/fail2ban/connector_agent.go +++ b/internal/fail2ban/connector_agent.go @@ -418,11 +418,11 @@ func (ac *AgentConnector) UpdateDefaultSettings(ctx context.Context, settings co // Set default banaction values if not set banaction := settings.Banaction if banaction == "" { - banaction = "iptables-multiport" + banaction = "nftables-multiport" } banactionAllports := settings.BanactionAllports if banactionAllports == "" { - banactionAllports = "iptables-allports" + banactionAllports = "nftables-allports" } payload := map[string]interface{}{ "bantimeIncrement": settings.BantimeIncrement, @@ -431,7 +431,6 @@ func (ac *AgentConnector) UpdateDefaultSettings(ctx context.Context, settings co "bantime": settings.Bantime, "findtime": settings.Findtime, "maxretry": settings.Maxretry, - "destemail": settings.Destemail, "banaction": banaction, "banactionAllports": banactionAllports, } diff --git a/internal/fail2ban/connector_ssh.go b/internal/fail2ban/connector_ssh.go index f27c78c..4afec5c 100644 --- a/internal/fail2ban/connector_ssh.go +++ b/internal/fail2ban/connector_ssh.go @@ -1612,11 +1612,11 @@ func (sc *SSHConnector) UpdateDefaultSettings(ctx context.Context, settings conf // Set default banaction values if not set banactionVal := settings.Banaction if banactionVal == "" { - banactionVal = "iptables-multiport" + banactionVal = "nftables-multiport" } banactionAllportsVal := settings.BanactionAllports if banactionAllportsVal == "" { - banactionAllportsVal = "iptables-allports" + banactionAllportsVal = "nftables-allports" } // Define the keys we want to update keysToUpdate := map[string]string{ 
@@ -1626,7 +1626,6 @@ func (sc *SSHConnector) UpdateDefaultSettings(ctx context.Context, settings conf "bantime": fmt.Sprintf("bantime = %s", settings.Bantime), "findtime": fmt.Sprintf("findtime = %s", settings.Findtime), "maxretry": fmt.Sprintf("maxretry = %d", settings.Maxretry), - "destemail": fmt.Sprintf("destemail = %s", settings.Destemail), "banaction": fmt.Sprintf("banaction = %s", banactionVal), "banaction_allports": fmt.Sprintf("banaction_allports = %s", banactionAllportsVal), } @@ -1635,7 +1634,7 @@ func (sc *SSHConnector) UpdateDefaultSettings(ctx context.Context, settings conf if existingContent == "" { // File doesn't exist, create new one with DEFAULT section defaultLines := []string{"[DEFAULT]"} - for _, key := range []string{"enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail", "banaction", "banaction_allports"} { + for _, key := range []string{"enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "banaction", "banaction_allports"} { defaultLines = append(defaultLines, keysToUpdate[key]) } defaultLines = append(defaultLines, "") @@ -1675,7 +1674,6 @@ bantime_increment_val = %s bantime_val = '%s' findtime_val = '%s' maxretry_val = %d -destemail_val = '%s' keys_to_update = { 'enabled': 'enabled = ' + str(default_jail_enable_val).lower(), 'bantime.increment': 'bantime.increment = ' + str(bantime_increment_val).lower(), @@ -1683,7 +1681,6 @@ keys_to_update = { 'bantime': 'bantime = ' + bantime_val, 'findtime': 'findtime = ' + findtime_val, 'maxretry': 'maxretry = ' + str(maxretry_val), - 'destemail': 'destemail = ' + destemail_val, 'banaction': 'banaction = ' + banaction_val, 'banaction_allports': 'banaction_allports = ' + banaction_allports_val } 
@@ -1736,13 +1733,13 @@ for line in lines: # If DEFAULT section wasn't found, create it at the beginning if not default_section_found: default_lines = ["[DEFAULT]\n"] - for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail"]: + for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "banaction", "banaction_allports"]: default_lines.append(keys_to_update[key] + "\n") default_lines.append("\n") output_lines = default_lines + output_lines else: # Add any missing keys to the DEFAULT section - for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail"]: + for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "banaction", "banaction_allports"]: if key not in keys_updated: # Find the DEFAULT section and insert after it for i, line in enumerate(output_lines): @@ -1752,7 +1749,7 @@ else: with open(jail_file, 'w') as f: f.writelines(output_lines) -PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), defaultJailEnablePython, bantimeIncrementPython, escapeForShell(settings.Bantime), escapeForShell(settings.Findtime), settings.Maxretry, escapeForShell(settings.Destemail)) +PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), defaultJailEnablePython, bantimeIncrementPython, escapeForShell(settings.Bantime), escapeForShell(settings.Findtime), settings.Maxretry) _, err = sc.runRemoteCommand(ctx, []string{updateScript}) return err 
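Review bot: The remote update script in `UpdateDefaultSettings` still places settings into Python source as quoted literals (`bantime_val = '%s'`, `findtime_val = '%s'` in the earlier hunk), filled from `escapeForShell(...)` in the argument list changed here. Judging by its name that helper escapes for the shell, not for a Python string literal, and whether a quote or backslash in `settings.Bantime` stays data depends on the helper and on how the heredoc is quoted, neither of which is visible in these hunks. Passing the values as data would remove that dependency: encode them once with `json.Marshal` in Go, hand the result to the script as an argument or on stdin, and read fields such as `bantime_val = cfg["bantime"]` after a `json.loads` instead of formatting them into the script text. The function and the script both start outside the hunk.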
@@ -1776,11 +1773,11 @@ func (sc *SSHConnector) EnsureJailLocalStructure(ctx context.Context) error { // Set default banaction values if not set banactionVal := settings.Banaction if banactionVal == "" { - banactionVal = "iptables-multiport" + banactionVal = "nftables-multiport" } banactionAllportsVal := settings.BanactionAllports if banactionAllportsVal == "" { - banactionAllportsVal = "iptables-allports" + banactionAllportsVal = "nftables-allports" } // Build the new jail.local content in Go (mirrors local ensureJailLocalStructure) @@ -1793,7 +1790,6 @@ ignoreip = %s bantime = %s findtime = %s maxretry = %d -destemail = %s banaction = %s banaction_allports = %s @@ -1804,14 +1800,13 @@ banaction_allports = %s settings.Bantime, settings.Findtime, settings.Maxretry, - settings.Destemail, banactionVal, banactionAllportsVal, ) - actionMwlgConfig := `# Custom Fail2Ban action using geo-filter for email alerts + actionMwlgConfig := `# Custom Fail2Ban action for UI callbacks action_mwlg = %(action_)s - ui-custom-action[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] + ui-custom-action[logpath="%(logpath)s", chain="%(chain)s"] ` diff --git a/internal/fail2ban/jail_management.go b/internal/fail2ban/jail_management.go index 095b6a8..06eaf6c 100644 --- a/internal/fail2ban/jail_management.go +++ b/internal/fail2ban/jail_management.go @@ -1230,11 +1230,11 @@ func UpdateDefaultSettingsLocal(settings config.AppSettings) error { // Set default banaction values if not set banaction := settings.Banaction if banaction == "" { - banaction = "iptables-multiport" + banaction = "nftables-multiport" } banactionAllports := settings.BanactionAllports if banactionAllports == "" { - banactionAllports = "iptables-allports" + banactionAllports = "nftables-allports" } // Define the keys we want to update keysToUpdate := map[string]string{ diff --git a/internal/locales/de.json b/internal/locales/de.json index a131390..24334d1 100644 
--- a/internal/locales/de.json +++ b/internal/locales/de.json @@ -160,9 +160,9 @@ "settings.default_bantime.description": "Die Anzahl der Sekunden, für die ein Host gesperrt wird. Zeitformat: 1m = 1 Minute, 1h = 1 Stunde, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monat, 1y = 1 Jahr.", "settings.default_bantime_placeholder": "z.B. 48h", "settings.banaction": "Banaction", - "settings.banaction.description": "Standard-Sperraktion (z.B. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Wird verwendet, um action_* Variablen zu definieren.", + "settings.banaction.description": "Standard-Sperraktion (z.B. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Wird verwendet, um action_* Variablen zu definieren.", "settings.banaction_allports": "Banaction Allports", - "settings.banaction_allports.description": "Sperraktion für alle Ports (z.B. iptables-allports, firewallcmd-allports, etc). Wird verwendet, wenn ein Jail alle Ports statt spezifischer Ports sperren muss.", + "settings.banaction_allports.description": "Sperraktion für alle Ports (z.B. nftables-allports, firewallcmd-allports, etc). Wird verwendet, wenn ein Jail alle Ports statt spezifischer Ports sperren muss.", "settings.default_findtime": "Standard-Findtime", "settings.default_findtime.description": "Ein Host wird gesperrt, wenn er in den letzten 'findtime' Sekunden 'maxretry' Fehler generiert hat. Zeitformat: 1m = 1 Minute, 1h = 1 Stunde, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monat, 1y = 1 Jahr.", "settings.default_findtime_placeholder": "z.B. 30m", diff --git a/internal/locales/de_ch.json b/internal/locales/de_ch.json index 0fa279e..274d8c1 100644 --- a/internal/locales/de_ch.json +++ b/internal/locales/de_ch.json 
@@ -160,9 +160,9 @@ "settings.default_bantime.description": "D Aazahl vo de Sekunde, wo ä Host gsperrt wird. Zytformat: 1m = 1 Minute, 1h = 1 Stund, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monet, 1y = 1 Jahr.", "settings.default_bantime_placeholder": "z.B. 48h", "settings.banaction": "Banaction", - "settings.banaction.description": "Standard-Sperraktione (z.B. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Wird brucht, zum action_* Variablen z definiere.", + "settings.banaction.description": "Standard-Sperraktione (z.B. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Wird brucht, zum action_* Variablen z definiere.", "settings.banaction_allports": "Banaction Allports", - "settings.banaction_allports.description": "Sperraktione für alli Ports (z.B. iptables-allports, firewallcmd-allports, etc). Wird brucht, wänn ä Jail alli Ports statt spezifischi Ports sperre muess.", + "settings.banaction_allports.description": "Sperraktione für alli Ports (z.B. nftables-allports, firewallcmd-allports, etc). Wird brucht, wänn ä Jail alli Ports statt spezifischi Ports sperre muess.", "settings.default_findtime": "Standard-Findtime", "settings.default_findtime.description": "Ä Host wird gsperrt, wenn er i de letschte 'findtime' Sekunde 'maxretry' Fähler generiert het. Zytformat: 1m = 1 Minute, 1h = 1 Stund, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monet, 1y = 1 Jahr.", "settings.default_findtime_placeholder": "z.B. 30m", diff --git a/internal/locales/en.json b/internal/locales/en.json index 5360fab..0d9daf1 100644 --- a/internal/locales/en.json +++ b/internal/locales/en.json 
@@ -160,9 +160,9 @@ "settings.default_bantime.description": "The number of seconds that a host is banned. Time format: 1m = 1 minutes, 1h = 1 hour, 1d = 1 day, 1w = 1 week, 1mo = 1 month, 1y = 1 year.", "settings.default_bantime_placeholder": "e.g., 48h", "settings.banaction": "Banaction", - "settings.banaction.description": "Default banning action (e.g. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). It is used to define action_* variables.", + "settings.banaction.description": "Default banning action (e.g. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). It is used to define action_* variables.", "settings.banaction_allports": "Banaction Allports", - "settings.banaction_allports.description": "Banning action for all ports (e.g. iptables-allports, firewallcmd-allports, etc). Used when a jail needs to ban all ports instead of specific ones.", + "settings.banaction_allports.description": "Banning action for all ports (e.g. nftables-allports, firewallcmd-allports, etc). Used when a jail needs to ban all ports instead of specific ones.", "settings.default_findtime": "Default Findtime", "settings.default_findtime.description": "A host is banned if it has generated 'maxretry' failures during the last 'findtime' seconds. Time format: 1m = 1 minutes, 1h = 1 hours, 1d = 1 days, 1w = 1 week, 1mo = 1 month, 1y = 1 year.", "settings.default_findtime_placeholder": "e.g., 30m", diff --git a/internal/locales/es.json b/internal/locales/es.json index f2616c9..6e98e27 100644 --- a/internal/locales/es.json +++ b/internal/locales/es.json 
@@ -160,9 +160,9 @@ "settings.default_bantime.description": "El número de segundos que un host está bloqueado. Formato de tiempo: 1m = 1 minutos, 1h = 1 horas, 1d = 1 días, 1w = 1 semana, 1mo = 1 mes, 1y = 1 año.", "settings.default_bantime_placeholder": "p.ej., 48h", "settings.banaction": "Banaction", - "settings.banaction.description": "Acción de bloqueo por defecto (p.ej. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Se utiliza para definir las variables action_*.", + "settings.banaction.description": "Acción de bloqueo por defecto (p.ej. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Se utiliza para definir las variables action_*.", "settings.banaction_allports": "Banaction Allports", - "settings.banaction_allports.description": "Acción de bloqueo para todos los puertos (p.ej. iptables-allports, firewallcmd-allports, etc). Se utiliza cuando un jail necesita bloquear todos los puertos en lugar de puertos específicos.", + "settings.banaction_allports.description": "Acción de bloqueo para todos los puertos (p.ej. nftables-allports, firewallcmd-allports, etc). Se utiliza cuando un jail necesita bloquear todos los puertos en lugar de puertos específicos.", "settings.default_findtime": "Findtime por defecto", "settings.default_findtime.description": "Un host es bloqueado si ha generado 'maxretry' fallos durante los últimos 'findtime' segundos. Formato de tiempo: 1m = 1 minutos, 1h = 1 horas, 1d = 1 días, 1w = 1 semana, 1mo = 1 mes, 1y = 1 año.", "settings.default_findtime_placeholder": "p.ej., 30m", diff --git a/internal/locales/fr.json b/internal/locales/fr.json index 185b263..48f67ed 100644 --- a/internal/locales/fr.json +++ b/internal/locales/fr.json 
@@ -160,9 +160,9 @@ "settings.default_bantime.description": "Le nombre de secondes pendant lesquelles un hôte est banni. Format de temps : 1m = 1 minutes, 1h = 1 heures, 1d = 1 jours, 1w = 1 semaines, 1mo = 1 mois, 1y = 1 années.", "settings.default_bantime_placeholder": "par exemple, 48h", "settings.banaction": "Banaction", - "settings.banaction.description": "Action de bannissement par défaut (par ex. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Elle est utilisée pour définir les variables action_*.", + "settings.banaction.description": "Action de bannissement par défaut (par ex. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Elle est utilisée pour définir les variables action_*.", "settings.banaction_allports": "Banaction Allports", - "settings.banaction_allports.description": "Action de bannissement pour tous les ports (par ex. iptables-allports, firewallcmd-allports, etc). Utilisée lorsqu'un jail doit bannir tous les ports au lieu de ports spécifiques.", + "settings.banaction_allports.description": "Action de bannissement pour tous les ports (par ex. nftables-allports, firewallcmd-allports, etc). Utilisée lorsqu'un jail doit bannir tous les ports au lieu de ports spécifiques.", "settings.default_findtime": "Findtime par défaut", "settings.default_findtime.description": "Un hôte est banni s'il a généré 'maxretry' échecs pendant les dernières 'findtime' secondes. Format de temps : 1m = 1 minutes, 1h = 1 heures, 1d = 1 jours, 1w = 1 semaines, 1mo = 1 mois, 1y = 1 années.", "settings.default_findtime_placeholder": "par exemple, 30m", diff --git a/internal/locales/it.json b/internal/locales/it.json index 718103c..7a96703 100644 --- a/internal/locales/it.json +++ b/internal/locales/it.json 
@@ -160,9 +160,9 @@ "settings.default_bantime.description": "Il numero di secondi per cui un host viene bannato. Formato tempo: 1m = 1 minuti, 1h = 1 ore, 1d = 1 giorni, 1w = 1 settimane, 1mo = 1 mesi, 1y = 1 anni.", "settings.default_bantime_placeholder": "es. 48h", "settings.banaction": "Banaction", - "settings.banaction.description": "Azione di ban predefinita (es. iptables-multiport, iptables-allports, firewallcmd-multiport, ecc). Viene utilizzata per definire le variabili action_*.", + "settings.banaction.description": "Azione di ban predefinita (es. nftables-multiport, nftables-allports, firewallcmd-rich-rules, ecc). Viene utilizzata per definire le variabili action_*.", "settings.banaction_allports": "Banaction Allports", - "settings.banaction_allports.description": "Azione di ban per tutte le porte (es. iptables-allports, firewallcmd-allports, ecc). Utilizzata quando un jail deve bannare tutte le porte invece di porte specifiche.", + "settings.banaction_allports.description": "Azione di ban per tutte le porte (es. nftables-allports, firewallcmd-allports, ecc). Utilizzata quando un jail deve bannare tutte le porte invece di porte specifiche.", "settings.default_findtime": "Findtime predefinito", "settings.default_findtime.description": "Un host viene bannato se ha generato 'maxretry' errori durante gli ultimi 'findtime' secondi. Formato tempo: 1m = 1 minuti, 1h = 1 ore, 1d = 1 giorni, 1w = 1 settimane, 1mo = 1 mesi, 1y = 1 anni.", "settings.default_findtime_placeholder": "es. 30m", diff --git a/pkg/web/static/js/settings.js b/pkg/web/static/js/settings.js index e213071..6030f9a 100644 --- a/pkg/web/static/js/settings.js +++ b/pkg/web/static/js/settings.js 
@@ -163,8 +163,8 @@ function loadSettings() { renderIgnoreIPsTags(ignoreIPs); // Load banaction settings - document.getElementById('banaction').value = data.banaction || 'iptables-multiport'; - document.getElementById('banactionAllports').value = data.banactionAllports || 'iptables-allports'; + document.getElementById('banaction').value = data.banaction || 'nftables-multiport'; + document.getElementById('banactionAllports').value = data.banactionAllports || 'nftables-allports'; applyAdvancedActionsSettings(data.advancedActions || {}); loadPermanentBlockLog(); diff --git a/pkg/web/templates/index.html b/pkg/web/templates/index.html index e523b3e..11ed67e 100644 --- a/pkg/web/templates/index.html +++ b/pkg/web/templates/index.html @@ -819,17 +819,8 @@
-

Default banning action (e.g. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). It is used to define action_* variables.

+

Default banning action (e.g. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). It is used to define action_* variables.

- - - - - - - - - @@ -876,6 +867,15 @@ + + + + + + + + +