The fail2ban-firewalld drop-in config only defines banaction - it should also define banaction_allports, probably like: banaction_allports = firewallcmd-ipset[actiontype=<allports>] Also, since the default banaction is iptables-multiport, the firewalld action should probably also be multiport, like: banaction = firewallcmd-ipset[actiontype=<multiport>]
Thanks. Have you tested both of these to see that they work?
Yes, I've got that on a Fedora 29 (which obviously needs an OS upgrade) system right now, and will be adding to a CentOS 7/EPEL system today - I believe this should work everywhere except CentOS 6.
Ahh, it doesn't work on CentOS 7, because firewalld is version 0.9.7 there. Any chance of updating the EPEL 7 branch to 0.10? That'd also bring IPv6 support, which would be good.
BTW: in my last comment that should be "because fail2ban is version 0.9.7" (not firewalld - too many Fs). It does look like the following works okay in fail2ban-0.9.7, so even if the version isn't updated, the fail2ban-firewalld subpackage could be updated with it: banaction = firewallcmd-ipset banaction_allports = firewallcmd-ipset
FEDORA-2019-e779b23681 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e779b23681
FEDORA-2019-1a35bad958 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a35bad958
FEDORA-EPEL-2019-dac149ad76 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-dac149ad76
fail2ban-0.10.4-8.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e779b23681
fail2ban-0.10.4-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-dac149ad76
fail2ban-0.10.4-8.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a35bad958
fail2ban-0.10.4-8.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
fail2ban-0.10.4-8.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
fail2ban-0.10.4-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.