Remove deprecations with email distribution to remote hosts, this is not used anymore since f2b-ui sends the mails

README.md

@@ -901,9 +901,9 @@ journalctl -u fail2ban-ui.service -f
 **Symptoms:** Fail2Ban fails to ban IPs with errors like:
 - `Extension multiport revision 0 not supported, missing kernel module?`
 - `iptables v1.8.11 (nf_tables): RULE_INSERT failed (No such file or directory)`
-- `Error starting action Jail('jail-name')/iptables-multiport: 'Script error'`
+- `Error starting action Jail('jail-name')/nftables-multiport: 'Script error'`
 
-**Cause:** Modern Linux distributions (Rocky Linux 9+, RHEL 9+, Fedora 36+, Debian 12+) use **nftables** as the default firewall backend instead of legacy iptables. When Fail2Ban is configured to use `iptables-multiport` or `iptables-allports`, it attempts to use legacy iptables modules that are not available in nftables-based systems.
+**Cause:** Modern Linux distributions (Rocky Linux 9+, RHEL 9+, Fedora 36+, Debian 12+) use **nftables** as the default firewall backend instead of legacy iptables. When Fail2Ban is configured to use `nftables-multiport` or `nftables-allports`, it attempts to use legacy iptables modules that are not available in nftables-based systems.
 
 **Solution:**
 
@@ -915,7 +915,7 @@ journalctl -u fail2ban-ui.service -f
 
 2. **For systems using firewalld (Rocky Linux / Red Hat):**
    - If your system uses `firewalld` as the firewall management tool, you can use:
-     - **Banaction**: `firewallcmd-multiport`
+     - **Banaction**: `firewallcmd-rich-rules`
      - **Banaction Allports**: `firewallcmd-allports`
    - Alternatively, you can still use `nftables-multiport` if firewalld is configured to use nftables backend (which is the default in RHEL 9+)
 
@@ -931,7 +931,7 @@ journalctl -u fail2ban-ui.service -f
 
 **Note:** The Fail2Ban UI provides all common banaction options in the Settings dropdown, including:
 - `nftables-multiport` / `nftables-allports` (for nftables-based systems)
-- `firewallcmd-multiport` / `firewallcmd-allports` (for firewalld-based systems)
+- `firewallcmd-rich-rules` / `firewallcmd-allports` (for firewalld-based systems)
 - `iptables-multiport` / `iptables-allports` (for legacy iptables systems)
 
 After changing the banaction, Fail2Ban will automatically reload and apply the new configuration.

deployment/container/README.md

@@ -383,7 +383,7 @@ Modern Linux distributions (Rocky Linux 9+, RHEL 9+, Fedora 36+, Debian 12+) use
 
 For systems using `firewalld` as the firewall management tool (common on Rocky Linux and Red Hat Enterprise Linux), you can use:
 
-- **Banaction**: `firewallcmd-multiport`
+- **Banaction**: `firewallcmd-rich-rules`
 - **Banaction Allports**: `firewallcmd-allports`
 
 Alternatively, if firewalld is configured to use the nftables backend (default in RHEL 9+), you can use `nftables-multiport` / `nftables-allports` as described above.

internal/config/settings.go

@@ -192,13 +192,7 @@ func JailLocalBanner() string {
 	return jailLocalBanner
 }
 
-const fail2banActionTemplate = `[INCLUDES]
+const fail2banActionTemplate = `[Definition]
-
-before = sendmail-common.conf
-         mail-whois-common.conf
-         helpers-common.conf
-
-[Definition]
 
 # Bypass ban/unban for restored tickets
 norestored = 1
@@ -237,7 +231,7 @@ name = default
 # Path to log files containing relevant lines for the abuser IP
 logpath = /dev/null
 
-# Number of log lines to include in the email
+# Number of log lines to include in the callback
 grepmax = 200
 grepopts = -m <grepmax>`
 
@@ -664,10 +658,10 @@ func setDefaultsLocked() {
 		currentSettings.IgnoreIPs = []string{"127.0.0.1/8", "::1"}
 	}
 	if currentSettings.Banaction == "" {
-		currentSettings.Banaction = "iptables-multiport"
+		currentSettings.Banaction = "nftables-multiport"
 	}
 	if currentSettings.BanactionAllports == "" {
-		currentSettings.BanactionAllports = "iptables-allports"
+		currentSettings.BanactionAllports = "nftables-allports"
 	}
 	if currentSettings.GeoIPProvider == "" {
 		currentSettings.GeoIPProvider = "builtin"
@@ -736,11 +730,8 @@ func initializeFromJailFile() error {
 	if val, ok := settings["banaction_allports"]; ok {
 		currentSettings.BanactionAllports = val
 	}
-	if val, ok := settings["destemail"]; ok {
+	/*if val, ok := settings["destemail"]; ok {
 		currentSettings.Destemail = val
-	}
-	/*if val, ok := settings["sender"]; ok {
-		currentSettings.Sender = val
 	}*/
 
 	return nil
@@ -905,11 +896,11 @@ func ensureJailLocalStructure() error {
 	// Set default banaction values if not set
 	banaction := settings.Banaction
 	if banaction == "" {
-		banaction = "iptables-multiport"
+		banaction = "nftables-multiport"
 	}
 	banactionAllports := settings.BanactionAllports
 	if banactionAllports == "" {
-		banactionAllports = "iptables-allports"
+		banactionAllports = "nftables-allports"
 	}
 	defaultSection := fmt.Sprintf(`[DEFAULT]
 enabled = %t
@@ -918,18 +909,18 @@ ignoreip = %s
 bantime = %s
 findtime = %s
 maxretry = %d
-destemail = %s
 banaction = %s
 banaction_allports = %s
 
-`, settings.DefaultJailEnable, settings.BantimeIncrement, ignoreIPStr, settings.Bantime, settings.Findtime, settings.Maxretry, settings.Destemail, banaction, banactionAllports)
+`, settings.DefaultJailEnable, settings.BantimeIncrement, ignoreIPStr, settings.Bantime, settings.Findtime, settings.Maxretry, banaction, banactionAllports)
 
 	// Build action_mwlg configuration
 	// Note: action_mwlg depends on action_ which depends on banaction (now defined above)
 	// The multi-line format uses indentation for continuation
-	actionMwlgConfig := `# Custom Fail2Ban action using geo-filter for email alerts
+	// ui-custom-action only needs logpath and chain
+	actionMwlgConfig := `# Custom Fail2Ban action for UI callbacks
 action_mwlg = %(action_)s
-             ui-custom-action[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+             ui-custom-action[logpath="%(logpath)s", chain="%(chain)s"]
 
 `
 
@@ -973,11 +964,11 @@ func updateJailLocalDefaultSection(settings AppSettings) error {
 	// Set default banaction values if not set
 	banaction := settings.Banaction
 	if banaction == "" {
-		banaction = "iptables-multiport"
+		banaction = "nftables-multiport"
 	}
 	banactionAllports := settings.BanactionAllports
 	if banactionAllports == "" {
-		banactionAllports = "iptables-allports"
+		banactionAllports = "nftables-allports"
 	}
 	// Keys to update
 	keysToUpdate := map[string]string{
@@ -987,7 +978,6 @@ func updateJailLocalDefaultSection(settings AppSettings) error {
 		"bantime":            fmt.Sprintf("bantime = %s", settings.Bantime),
 		"findtime":           fmt.Sprintf("findtime = %s", settings.Findtime),
 		"maxretry":           fmt.Sprintf("maxretry = %d", settings.Maxretry),
-		"destemail":          fmt.Sprintf("destemail = %s", settings.Destemail),
 		"banaction":          fmt.Sprintf("banaction = %s", banaction),
 		"banaction_allports": fmt.Sprintf("banaction_allports = %s", banactionAllports),
 	}

internal/fail2ban/connector_agent.go

@@ -418,11 +418,11 @@ func (ac *AgentConnector) UpdateDefaultSettings(ctx context.Context, settings co
 	// Set default banaction values if not set
 	banaction := settings.Banaction
 	if banaction == "" {
-		banaction = "iptables-multiport"
+		banaction = "nftables-multiport"
 	}
 	banactionAllports := settings.BanactionAllports
 	if banactionAllports == "" {
-		banactionAllports = "iptables-allports"
+		banactionAllports = "nftables-allports"
 	}
 	payload := map[string]interface{}{
 		"bantimeIncrement":  settings.BantimeIncrement,
@@ -431,7 +431,6 @@ func (ac *AgentConnector) UpdateDefaultSettings(ctx context.Context, settings co
 		"bantime":           settings.Bantime,
 		"findtime":          settings.Findtime,
 		"maxretry":          settings.Maxretry,
-		"destemail":         settings.Destemail,
 		"banaction":         banaction,
 		"banactionAllports": banactionAllports,
 	}

internal/fail2ban/connector_ssh.go

@@ -1612,11 +1612,11 @@ func (sc *SSHConnector) UpdateDefaultSettings(ctx context.Context, settings conf
 	// Set default banaction values if not set
 	banactionVal := settings.Banaction
 	if banactionVal == "" {
-		banactionVal = "iptables-multiport"
+		banactionVal = "nftables-multiport"
 	}
 	banactionAllportsVal := settings.BanactionAllports
 	if banactionAllportsVal == "" {
-		banactionAllportsVal = "iptables-allports"
+		banactionAllportsVal = "nftables-allports"
 	}
 	// Define the keys we want to update
 	keysToUpdate := map[string]string{
@@ -1626,7 +1626,6 @@ func (sc *SSHConnector) UpdateDefaultSettings(ctx context.Context, settings conf
 		"bantime":            fmt.Sprintf("bantime = %s", settings.Bantime),
 		"findtime":           fmt.Sprintf("findtime = %s", settings.Findtime),
 		"maxretry":           fmt.Sprintf("maxretry = %d", settings.Maxretry),
-		"destemail":          fmt.Sprintf("destemail = %s", settings.Destemail),
 		"banaction":          fmt.Sprintf("banaction = %s", banactionVal),
 		"banaction_allports": fmt.Sprintf("banaction_allports = %s", banactionAllportsVal),
 	}
@@ -1635,7 +1634,7 @@ func (sc *SSHConnector) UpdateDefaultSettings(ctx context.Context, settings conf
 	if existingContent == "" {
 		// File doesn't exist, create new one with DEFAULT section
 		defaultLines := []string{"[DEFAULT]"}
-		for _, key := range []string{"enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail", "banaction", "banaction_allports"} {
+		for _, key := range []string{"enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "banaction", "banaction_allports"} {
 			defaultLines = append(defaultLines, keysToUpdate[key])
 		}
 		defaultLines = append(defaultLines, "")
@@ -1675,7 +1674,6 @@ bantime_increment_val = %s
 bantime_val = '%s'
 findtime_val = '%s'
 maxretry_val = %d
-destemail_val = '%s'
 keys_to_update = {
     'enabled': 'enabled = ' + str(default_jail_enable_val).lower(),
     'bantime.increment': 'bantime.increment = ' + str(bantime_increment_val).lower(),
@@ -1683,7 +1681,6 @@ keys_to_update = {
     'bantime': 'bantime = ' + bantime_val,
     'findtime': 'findtime = ' + findtime_val,
     'maxretry': 'maxretry = ' + str(maxretry_val),
-    'destemail': 'destemail = ' + destemail_val,
     'banaction': 'banaction = ' + banaction_val,
     'banaction_allports': 'banaction_allports = ' + banaction_allports_val
 }
@@ -1736,13 +1733,13 @@ for line in lines:
 # If DEFAULT section wasn't found, create it at the beginning
 if not default_section_found:
     default_lines = ["[DEFAULT]\n"]
-    for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail"]:
+    for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "banaction", "banaction_allports"]:
         default_lines.append(keys_to_update[key] + "\n")
     default_lines.append("\n")
     output_lines = default_lines + output_lines
 else:
     # Add any missing keys to the DEFAULT section
-    for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail"]:
+    for key in ["enabled", "bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "banaction", "banaction_allports"]:
         if key not in keys_updated:
             # Find the DEFAULT section and insert after it
             for i, line in enumerate(output_lines):
@@ -1752,7 +1749,7 @@ else:
 
 with open(jail_file, 'w') as f:
     f.writelines(output_lines)
-PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), defaultJailEnablePython, bantimeIncrementPython, escapeForShell(settings.Bantime), escapeForShell(settings.Findtime), settings.Maxretry, escapeForShell(settings.Destemail))
+PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), defaultJailEnablePython, bantimeIncrementPython, escapeForShell(settings.Bantime), escapeForShell(settings.Findtime), settings.Maxretry)
 
 	_, err = sc.runRemoteCommand(ctx, []string{updateScript})
 	return err
@@ -1776,11 +1773,11 @@ func (sc *SSHConnector) EnsureJailLocalStructure(ctx context.Context) error {
 	// Set default banaction values if not set
 	banactionVal := settings.Banaction
 	if banactionVal == "" {
-		banactionVal = "iptables-multiport"
+		banactionVal = "nftables-multiport"
 	}
 	banactionAllportsVal := settings.BanactionAllports
 	if banactionAllportsVal == "" {
-		banactionAllportsVal = "iptables-allports"
+		banactionAllportsVal = "nftables-allports"
 	}
 
 	// Build the new jail.local content in Go (mirrors local ensureJailLocalStructure)
@@ -1793,7 +1790,6 @@ ignoreip = %s
 bantime = %s
 findtime = %s
 maxretry = %d
-destemail = %s
 banaction = %s
 banaction_allports = %s
 
@@ -1804,14 +1800,13 @@ banaction_allports = %s
 		settings.Bantime,
 		settings.Findtime,
 		settings.Maxretry,
-		settings.Destemail,
 		banactionVal,
 		banactionAllportsVal,
 	)
 
-	actionMwlgConfig := `# Custom Fail2Ban action using geo-filter for email alerts
+	actionMwlgConfig := `# Custom Fail2Ban action for UI callbacks
 action_mwlg = %(action_)s
-             ui-custom-action[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
+             ui-custom-action[logpath="%(logpath)s", chain="%(chain)s"]
 
 `
 

internal/fail2ban/jail_management.go

@@ -1230,11 +1230,11 @@ func UpdateDefaultSettingsLocal(settings config.AppSettings) error {
 	// Set default banaction values if not set
 	banaction := settings.Banaction
 	if banaction == "" {
-		banaction = "iptables-multiport"
+		banaction = "nftables-multiport"
 	}
 	banactionAllports := settings.BanactionAllports
 	if banactionAllports == "" {
-		banactionAllports = "iptables-allports"
+		banactionAllports = "nftables-allports"
 	}
 	// Define the keys we want to update
 	keysToUpdate := map[string]string{

internal/locales/de.json

@@ -160,9 +160,9 @@
     "settings.default_bantime.description": "Die Anzahl der Sekunden, für die ein Host gesperrt wird. Zeitformat: 1m = 1 Minute, 1h = 1 Stunde, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monat, 1y = 1 Jahr.",
     "settings.default_bantime_placeholder": "z.B. 48h",
     "settings.banaction": "Banaction",
-    "settings.banaction.description": "Standard-Sperraktion (z.B. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Wird verwendet, um action_* Variablen zu definieren.",
+    "settings.banaction.description": "Standard-Sperraktion (z.B. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Wird verwendet, um action_* Variablen zu definieren.",
     "settings.banaction_allports": "Banaction Allports",
-    "settings.banaction_allports.description": "Sperraktion für alle Ports (z.B. iptables-allports, firewallcmd-allports, etc). Wird verwendet, wenn ein Jail alle Ports statt spezifischer Ports sperren muss.",
+    "settings.banaction_allports.description": "Sperraktion für alle Ports (z.B. nftables-allports, firewallcmd-allports, etc). Wird verwendet, wenn ein Jail alle Ports statt spezifischer Ports sperren muss.",
     "settings.default_findtime": "Standard-Findtime",
     "settings.default_findtime.description": "Ein Host wird gesperrt, wenn er in den letzten 'findtime' Sekunden 'maxretry' Fehler generiert hat. Zeitformat: 1m = 1 Minute, 1h = 1 Stunde, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monat, 1y = 1 Jahr.",
     "settings.default_findtime_placeholder": "z.B. 30m",

internal/locales/de_ch.json

@@ -160,9 +160,9 @@
     "settings.default_bantime.description": "D Aazahl vo de Sekunde, wo ä Host gsperrt wird. Zytformat: 1m = 1 Minute, 1h = 1 Stund, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monet, 1y = 1 Jahr.",
     "settings.default_bantime_placeholder": "z.B. 48h",
     "settings.banaction": "Banaction",
-    "settings.banaction.description": "Standard-Sperraktione (z.B. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Wird brucht, zum action_* Variablen z definiere.",
+    "settings.banaction.description": "Standard-Sperraktione (z.B. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Wird brucht, zum action_* Variablen z definiere.",
     "settings.banaction_allports": "Banaction Allports",
-    "settings.banaction_allports.description": "Sperraktione für alli Ports (z.B. iptables-allports, firewallcmd-allports, etc). Wird brucht, wänn ä Jail alli Ports statt spezifischi Ports sperre muess.",
+    "settings.banaction_allports.description": "Sperraktione für alli Ports (z.B. nftables-allports, firewallcmd-allports, etc). Wird brucht, wänn ä Jail alli Ports statt spezifischi Ports sperre muess.",
     "settings.default_findtime": "Standard-Findtime",
     "settings.default_findtime.description": "Ä Host wird gsperrt, wenn er i de letschte 'findtime' Sekunde 'maxretry' Fähler generiert het. Zytformat: 1m = 1 Minute, 1h = 1 Stund, 1d = 1 Tag, 1w = 1 Woche, 1mo = 1 Monet, 1y = 1 Jahr.",
     "settings.default_findtime_placeholder": "z.B. 30m",

internal/locales/en.json

@@ -160,9 +160,9 @@
     "settings.default_bantime.description": "The number of seconds that a host is banned. Time format: 1m = 1 minutes, 1h = 1 hour, 1d = 1 day, 1w = 1 week, 1mo = 1 month, 1y = 1 year.",
     "settings.default_bantime_placeholder": "e.g., 48h",
     "settings.banaction": "Banaction",
-    "settings.banaction.description": "Default banning action (e.g. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). It is used to define action_* variables.",
+    "settings.banaction.description": "Default banning action (e.g. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). It is used to define action_* variables.",
     "settings.banaction_allports": "Banaction Allports",
-    "settings.banaction_allports.description": "Banning action for all ports (e.g. iptables-allports, firewallcmd-allports, etc). Used when a jail needs to ban all ports instead of specific ones.",
+    "settings.banaction_allports.description": "Banning action for all ports (e.g. nftables-allports, firewallcmd-allports, etc). Used when a jail needs to ban all ports instead of specific ones.",
     "settings.default_findtime": "Default Findtime",
     "settings.default_findtime.description": "A host is banned if it has generated 'maxretry' failures during the last 'findtime' seconds. Time format: 1m = 1 minutes, 1h = 1 hours, 1d = 1 days, 1w = 1 week, 1mo = 1 month, 1y = 1 year.",
     "settings.default_findtime_placeholder": "e.g., 30m",

internal/locales/es.json

@@ -160,9 +160,9 @@
   "settings.default_bantime.description": "El número de segundos que un host está bloqueado. Formato de tiempo: 1m = 1 minutos, 1h = 1 horas, 1d = 1 días, 1w = 1 semana, 1mo = 1 mes, 1y = 1 año.",
   "settings.default_bantime_placeholder": "p.ej., 48h",
   "settings.banaction": "Banaction",
-  "settings.banaction.description": "Acción de bloqueo por defecto (p.ej. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Se utiliza para definir las variables action_*.",
+  "settings.banaction.description": "Acción de bloqueo por defecto (p.ej. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Se utiliza para definir las variables action_*.",
   "settings.banaction_allports": "Banaction Allports",
-  "settings.banaction_allports.description": "Acción de bloqueo para todos los puertos (p.ej. iptables-allports, firewallcmd-allports, etc). Se utiliza cuando un jail necesita bloquear todos los puertos en lugar de puertos específicos.",
+  "settings.banaction_allports.description": "Acción de bloqueo para todos los puertos (p.ej. nftables-allports, firewallcmd-allports, etc). Se utiliza cuando un jail necesita bloquear todos los puertos en lugar de puertos específicos.",
   "settings.default_findtime": "Findtime por defecto",
   "settings.default_findtime.description": "Un host es bloqueado si ha generado 'maxretry' fallos durante los últimos 'findtime' segundos. Formato de tiempo: 1m = 1 minutos, 1h = 1 horas, 1d = 1 días, 1w = 1 semana, 1mo = 1 mes, 1y = 1 año.",
   "settings.default_findtime_placeholder": "p.ej., 30m",

internal/locales/fr.json

@@ -160,9 +160,9 @@
   "settings.default_bantime.description": "Le nombre de secondes pendant lesquelles un hôte est banni. Format de temps : 1m = 1 minutes, 1h = 1 heures, 1d = 1 jours, 1w = 1 semaines, 1mo = 1 mois, 1y = 1 années.",
   "settings.default_bantime_placeholder": "par exemple, 48h",
   "settings.banaction": "Banaction",
-  "settings.banaction.description": "Action de bannissement par défaut (par ex. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). Elle est utilisée pour définir les variables action_*.",
+  "settings.banaction.description": "Action de bannissement par défaut (par ex. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). Elle est utilisée pour définir les variables action_*.",
   "settings.banaction_allports": "Banaction Allports",
-  "settings.banaction_allports.description": "Action de bannissement pour tous les ports (par ex. iptables-allports, firewallcmd-allports, etc). Utilisée lorsqu'un jail doit bannir tous les ports au lieu de ports spécifiques.",
+  "settings.banaction_allports.description": "Action de bannissement pour tous les ports (par ex. nftables-allports, firewallcmd-allports, etc). Utilisée lorsqu'un jail doit bannir tous les ports au lieu de ports spécifiques.",
   "settings.default_findtime": "Findtime par défaut",
   "settings.default_findtime.description": "Un hôte est banni s'il a généré 'maxretry' échecs pendant les dernières 'findtime' secondes. Format de temps : 1m = 1 minutes, 1h = 1 heures, 1d = 1 jours, 1w = 1 semaines, 1mo = 1 mois, 1y = 1 années.",
   "settings.default_findtime_placeholder": "par exemple, 30m",

internal/locales/it.json

@@ -160,9 +160,9 @@
   "settings.default_bantime.description": "Il numero di secondi per cui un host viene bannato. Formato tempo: 1m = 1 minuti, 1h = 1 ore, 1d = 1 giorni, 1w = 1 settimane, 1mo = 1 mesi, 1y = 1 anni.",
   "settings.default_bantime_placeholder": "es. 48h",
   "settings.banaction": "Banaction",
-  "settings.banaction.description": "Azione di ban predefinita (es. iptables-multiport, iptables-allports, firewallcmd-multiport, ecc). Viene utilizzata per definire le variabili action_*.",
+  "settings.banaction.description": "Azione di ban predefinita (es. nftables-multiport, nftables-allports, firewallcmd-rich-rules, ecc). Viene utilizzata per definire le variabili action_*.",
   "settings.banaction_allports": "Banaction Allports",
-  "settings.banaction_allports.description": "Azione di ban per tutte le porte (es. iptables-allports, firewallcmd-allports, ecc). Utilizzata quando un jail deve bannare tutte le porte invece di porte specifiche.",
+  "settings.banaction_allports.description": "Azione di ban per tutte le porte (es. nftables-allports, firewallcmd-allports, ecc). Utilizzata quando un jail deve bannare tutte le porte invece di porte specifiche.",
   "settings.default_findtime": "Findtime predefinito",
   "settings.default_findtime.description": "Un host viene bannato se ha generato 'maxretry' errori durante gli ultimi 'findtime' secondi. Formato tempo: 1m = 1 minuti, 1h = 1 ore, 1d = 1 giorni, 1w = 1 settimane, 1mo = 1 mesi, 1y = 1 anni.",
   "settings.default_findtime_placeholder": "es. 30m",

pkg/web/static/js/settings.js

@@ -163,8 +163,8 @@ function loadSettings() {
       renderIgnoreIPsTags(ignoreIPs);
       
       // Load banaction settings
-      document.getElementById('banaction').value = data.banaction || 'iptables-multiport';
+      document.getElementById('banaction').value = data.banaction || 'nftables-multiport';
-      document.getElementById('banactionAllports').value = data.banactionAllports || 'iptables-allports';
+      document.getElementById('banactionAllports').value = data.banactionAllports || 'nftables-allports';
 
       applyAdvancedActionsSettings(data.advancedActions || {});
       loadPermanentBlockLog();

pkg/web/templates/index.html

@@ -819,17 +819,8 @@
           <!-- Banaction -->
           <div class="mb-4">
             <label for="banaction" class="block text-sm font-medium text-gray-700 mb-2" data-i18n="settings.banaction">Banaction</label>
-            <p class="text-xs text-gray-500 mb-2" data-i18n="settings.banaction.description">Default banning action (e.g. iptables-multiport, iptables-allports, firewallcmd-multiport, etc). It is used to define action_* variables.</p>
+            <p class="text-xs text-gray-500 mb-2" data-i18n="settings.banaction.description">Default banning action (e.g. nftables-multiport, nftables-allports, firewallcmd-rich-rules, etc). It is used to define action_* variables.</p>
             <select id="banaction" class="w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
-              <option value="iptables-multiport">iptables-multiport</option>
-              <option value="iptables-allports">iptables-allports</option>
-              <option value="iptables-new">iptables-new</option>
-              <option value="iptables-ipset">iptables-ipset</option>
-              <option value="iptables-ipset-proto4">iptables-ipset-proto4</option>
-              <option value="iptables-ipset-proto6">iptables-ipset-proto6</option>
-              <option value="iptables-ipset-proto6-allports">iptables-ipset-proto6-allports</option>
-              <option value="iptables-multiport-log">iptables-multiport-log</option>
-              <option value="iptables-xt_recent-echo">iptables-xt_recent-echo</option>
               <option value="firewallcmd-multiport">firewallcmd-multiport</option>
               <option value="firewallcmd-allports">firewallcmd-allports</option>
               <option value="firewallcmd-ipset">firewallcmd-ipset</option>
@@ -839,6 +830,15 @@
               <option value="nftables-multiport">nftables-multiport</option>
               <option value="nftables-allports">nftables-allports</option>
               <option value="nftables">nftables</option>
+              <option value="iptables-multiport">iptables-multiport</option>
+              <option value="iptables-allports">iptables-allports</option>
+              <option value="iptables-new">iptables-new</option>
+              <option value="iptables-ipset">iptables-ipset</option>
+              <option value="iptables-ipset-proto4">iptables-ipset-proto4</option>
+              <option value="iptables-ipset-proto6">iptables-ipset-proto6</option>
+              <option value="iptables-ipset-proto6-allports">iptables-ipset-proto6-allports</option>
+              <option value="iptables-multiport-log">iptables-multiport-log</option>
+              <option value="iptables-xt_recent-echo">iptables-xt_recent-echo</option>
               <option value="shorewall">shorewall</option>
               <option value="shorewall-ipset-proto6">shorewall-ipset-proto6</option>
               <option value="ufw">ufw</option>
@@ -858,15 +858,6 @@
             <label for="banactionAllports" class="block text-sm font-medium text-gray-700 mb-2" data-i18n="settings.banaction_allports">Banaction Allports</label>
             <p class="text-xs text-gray-500 mb-2" data-i18n="settings.banaction_allports.description">Banning action for all ports (e.g. iptables-allports, firewallcmd-allports, etc). Used when a jail needs to ban all ports instead of specific ones.</p>
             <select id="banactionAllports" class="w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
-              <option value="iptables-allports">iptables-allports</option>
-              <option value="iptables-multiport">iptables-multiport</option>
-              <option value="iptables-new">iptables-new</option>
-              <option value="iptables-ipset">iptables-ipset</option>
-              <option value="iptables-ipset-proto4">iptables-ipset-proto4</option>
-              <option value="iptables-ipset-proto6">iptables-ipset-proto6</option>
-              <option value="iptables-ipset-proto6-allports">iptables-ipset-proto6-allports</option>
-              <option value="iptables-multiport-log">iptables-multiport-log</option>
-              <option value="iptables-xt_recent-echo">iptables-xt_recent-echo</option>
               <option value="firewallcmd-allports">firewallcmd-allports</option>
               <option value="firewallcmd-multiport">firewallcmd-multiport</option>
               <option value="firewallcmd-ipset">firewallcmd-ipset</option>
@@ -876,6 +867,15 @@
               <option value="nftables-allports">nftables-allports</option>
               <option value="nftables-multiport">nftables-multiport</option>
               <option value="nftables">nftables</option>
+              <option value="iptables-allports">iptables-allports</option>
+              <option value="iptables-multiport">iptables-multiport</option>
+              <option value="iptables-new">iptables-new</option>
+              <option value="iptables-ipset">iptables-ipset</option>
+              <option value="iptables-ipset-proto4">iptables-ipset-proto4</option>
+              <option value="iptables-ipset-proto6">iptables-ipset-proto6</option>
+              <option value="iptables-ipset-proto6-allports">iptables-ipset-proto6-allports</option>
+              <option value="iptables-multiport-log">iptables-multiport-log</option>
+              <option value="iptables-xt_recent-echo">iptables-xt_recent-echo</option>
               <option value="shorewall">shorewall</option>
               <option value="shorewall-ipset-proto6">shorewall-ipset-proto6</option>
               <option value="ufw">ufw</option>