firewall: replace iptables with nftables (#2505)

* first adjustments to use Fail2Ban with nftables

* replace `iptables` -> `nftables` and adjust tests

nftables lists IPs a bit differently, so the order was adjusted for the
tests to be more flexible.

* line correction in mailserver.env

* change from `.conf` -> `.local` and remove redundant config

* revert HEREDOC to `echo`

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Georg Lauterbach 2022-04-05 15:13:59 +02:00 committed by GitHub
parent 7c150402a0
commit a9305a073f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 42 additions and 72 deletions


@ -11,6 +11,6 @@ findtime = 321
maxretry = 2
# Default ban action
# iptables-multiport: block IP only on affected port
# iptables-allports: block IP on all ports
banaction = iptables-multiport
# nftables-multiport: block IP only on affected port
# nftables-allports: block IP on all ports
banaction = nftables-multiport
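
Review bot: The `banaction` line at the end of this hunk switches only the multiport default to nftables, and nothing visible here sets `banaction_allports`. Fail2Ban's stock jail.conf defaults that option to `iptables-allports`, so any jail that bans through `%(banaction_allports)s` would still call iptables after this change. Suggest adding `banaction_allports = nftables-allports` beside it, or confirming that another file in this commit overrides it. The comment block also offers `nftables-allports` as a choice, so it would help to state there that users who previously set an `iptables-*` action in their own override need to rename it when upgrading.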