[TUTORIAL] PMG 7/Debian 11 with fail2ban

stratosgear

New Member
Dec 3, 2021
3
1
3
51
Why does my log file display:

```
Dec 13 12:32:01 fdss01 systemd[1]: Started Proxmox VE replication runner.
Dec 13 12:32:18 fdss01 pvedaemon[5110]: authentication failure; rhost=::ffff:xxx.xxx.xxx.xxx user=stratos@pam msg=no such user ('stratos@pam')
Dec 13 12:32:57 fdss01 pvedaemon[5110]: authentication failure; rhost=::ffff:xxx.xxx.xxx.xxx user=stratos@pam msg=no such user ('stratos@pam')
```

I had to change the `/etc/fail2ban/filter.d/pmg-web-auth.conf` filter to use `pvedaemon` instead of `pmgdaemon`
 

hata_ph

Well-Known Member
Nov 13, 2019
868
186
48
43
Are you running Proxmox Virtual Environment or Proxmox Mail Gateway?
 

stratosgear

That's from my logo, on top left:
Proxmox
Virtual Environment 6.4-13

That's from the help screen:
version 6.4, Fri 07 May 2021 06:37:37 PM CEST
 

hata_ph

This tutorial is for Proxmox Mail Gateway. But the same concept should work for Proxmox Virt Env, just need to change the filter.
 

stratosgear

Sorry, I just noticed the "ProxMox Mail Gateway" subforum.

In reality, I already fixed the regex, so I have no issue. Just was wondering why the instructions did not work verbatim in my case. Now I know!

Thanks!
 

Spirog

Member
Jan 31, 2022
230
24
18
Chicago, IL
hata_ph said:

If you enable PMG's webUI access from the public internet, you may notice a lot of authentication failures in /var/log/daemon.log.
Set up fail2ban to block/ban suspicious authentication failure attempts.

IMPORTANT: This setup was intended on a new setup of PMG 7.x. If you upgrade from a previous version, double check the setup is using nftables or iptables or any old lingering fail2ban configuration.

Code:
Sep 13 11:39:00 pmg pmgdaemon[32409]: authentication failure; rhost=::ffff:183.253.84.171 user=root@pam msg=auth failed: Authentication failure

1. Install fail2ban

Code:
apt-get install fail2ban

2. Edit /etc/fail2ban/jail.d/defaults-debian.conf with the settings below to enable fail2ban to use nftables instead of iptables, as Debian has transitioned to nftables since version 10.

Code:
[DEFAULT]
banaction = nftables-multiport
banaction_allports = nftables-allports

3. Create /etc/fail2ban/jail.d/pmg-web-auth.conf with below settings. Actually only port 8006 is needed. https/http is optional.

Code:
[pmg-web-auth]
enabled = true
port = https,http,8006
filter = pmg-web-auth
logpath = /var/log/daemon.log
maxretry = 2
# 1 hour
bantime = 3600

4. Create /etc/fail2ban/filter.d/pmg-web-auth.conf with below settings.

Code:
[Definition]
failregex = pmgdaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

5. Run below command to test the filter.

Code:
root@pmg:~# fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/pmg-web-auth.conf

Running tests
=============

Use   failregex filter file : pmg-web-auth, basedir: /etc/fail2ban
Use         log file : /var/log/daemon.log
Use         encoding : UTF-8


Results
=======

Failregex: 289 total
|-  #) [# of hits] regular expression
|   1) [289] pmgdaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1904] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 1904 lines, 0 ignored, 289 matched, 1615 missed
[processed in 0.07 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 1615 lines
root@pmg:~#

6. Optional to enable recidive to ban recurrent IP. Add below settings to /etc/fail2ban/jail.d/defaults-debian.conf or create new /etc/fail2ban/jail.d/recidive.conf.

Code:
[recidive]
enabled = true
maxretry = 3

7. Restart fail2ban services with the new settings.

Code:
systemctl restart fail2ban

8. Run fail2ban-client to check the jail status.

Code:
root@pmg:~# fail2ban-client status pmg-web-auth
Status for the jail: pmg-web-auth
|- Filter
|  |- Currently failed: 6
|  |- Total failed:     187
|  `- File list:        /var/log/daemon.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     19
   `- Banned IP list:
root@pmg:~#
root@pmg:~# fail2ban-client status recidive
Status for the jail: recidive
|- Filter
|  |- Currently failed: 2
|  |- Total failed:     19
|  `- File list:        /var/log/fail2ban.log
`- Actions
   |- Currently banned: 67
   |- Total banned:     67
   `- Banned IP list:   103.247.23.241 110.137.36.141 110.169.33.171 114.34.143.126 116.4.97.240 118.70.169.219 122.116.169.87 122.116.226.223 124.90.112.180 125.70.238.161 128.201.97.48 138.201.30.76 139.91.58.2 14.154.30.97 148.251.128.232 168.197.154.149 168.90.211.32 170.78.40.35 170.78.96.97 170.83.16.221 175.138.106.77 175.44.42.19 177.156.170.10 177.170.20.12 177.35.242.45 178.217.216.117 179.159.214.35 183.253.70.11 185.230.76.44 186.23.236.4 187.189.5.102 188.124.228.14 189.39.103.150 189.85.150.143 193.33.88.181 196.75.2.149 200.112.210.165 201.139.170.153 202.138.244.37 209.141.53.116 210.240.163.93 222.69.254.18 223.70.201.178 223.73.88.191 31.27.213.108 36.66.190.197 36.91.14.2 45.179.177.254 45.181.230.54 5.185.17.11 58.32.32.133 71.199.58.165 77.37.250.109 81.192.169.51 82.202.176.41 82.202.176.42 82.202.176.43 83.110.17.121 87.255.198.188 87.5.193.144 87.5.6.99 87.92.54.24 14.154.31.171 179.176.73.149 183.253.70.154 196.75.21.130 81.248.68.120
root@pmg:~#

9. Check nftables rule status.

Code:
root@pmg:~# nft list table inet f2b-table
table inet f2b-table {
        set addr-set-recidive {
                type ipv4_addr
                elements = { 5.185.17.11, 14.154.30.97,
                             14.154.31.171, 31.27.213.108,
                             36.66.190.197, 36.91.14.2,
                             45.179.177.254, 45.181.230.54,
                             58.32.32.133, 71.199.58.165,
                             77.37.250.109, 81.192.169.51,
                             81.248.68.120, 82.202.176.41,
                             82.202.176.42, 82.202.176.43,
                             83.110.17.121, 87.5.6.99,
                             87.5.193.144, 87.92.54.24,
                             87.255.198.188, 103.247.23.241,
                             110.137.36.141, 110.169.33.171,
                             114.34.143.126, 116.4.97.240,
                             118.70.169.219, 122.116.169.87,
                             122.116.226.223, 124.90.112.180,
                             125.70.238.161, 128.201.97.48,
                             138.201.30.76, 139.91.58.2,
                             148.251.128.232, 168.90.211.32,
                             168.197.154.149, 170.78.40.35,
                             170.78.96.97, 170.83.16.221,
                             175.44.42.19, 175.138.106.77,
                             177.35.242.45, 177.156.170.10,
                             177.170.20.12, 178.217.216.117,
                             179.159.214.35, 179.176.73.149,
                             183.253.70.11, 183.253.70.154,
                             185.230.76.44, 186.23.236.4,
                             187.189.5.102, 188.124.228.14,
                             189.39.103.150, 189.85.150.143,
                             193.33.88.181, 196.75.2.149,
                             196.75.21.130, 200.112.210.165,
                             201.139.170.153, 202.138.244.37,
                             209.141.53.116, 210.240.163.93,
                             222.69.254.18, 223.70.201.178,
                             223.73.88.191 }
        }

        set addr-set-pmg-web-auth {
                type ipv4_addr
        }

        chain f2b-chain {
                type filter hook input priority filter - 1; policy accept;
                meta l4proto { tcp } ip saddr @addr-set-recidive reject
                tcp dport { 80, 443, 8006 } ip saddr @addr-set-pmg-web-auth reject
        }
}
root@pmg:~#

10. To enable email notification, add below settings to /etc/fail2ban/jail.d/defaults-debian.conf or create new /etc/fail2ban/jail.d/mail-notification.conf. But there is a bug to use bsd-mailx's mail program with fail2ban, so you may need to use mailutils or manually patch the codes in /etc/fail2ban/action.d/mail-*.conf.
My suggestion is just create /etc/fail2ban/action.d/bsd-mailx-*.conf from /etc/fail2ban/action.d/mail-*.conf with the code changes.

Code:
[DEFAULT]
# Comments go on their own lines: fail2ban does not strip a '#' comment that follows a value.
# use default mail program
mta = mail
#mta = bsd-mailx
# Destination email address
destemail = root@localhost
# Sender email address
sender = root@<fq-hostname>

https://pve.proxmox.com/wiki/Fail2ban

Hello @hata_ph, is this just for the mail server? How can we install fail2ban on PVE Virtual Environment 7.1-10?


Thanks for your help. I am a newbie at proxmox and fail2ban
Already installed and have 3 vm running that use cPanel with CSF firewall
but need to protect my PVE
I totally appreciate your help and thank you in advance. or anyone who may give me guidance.

I have 8006 open to public and 22 sshd open as well.

since I do not have the option of a VPN and my home IP is always changing from my internet service provider.

Spiro
 

Spirog

hata_ph said:
@Spirog, follow https://pve.proxmox.com/wiki/Fail2ban to setup for PVE.
Double check PVE is using iptables or nftables and adjust the filter accordingly.

I try running
Code:
root@proxmox:~# nft list table inet f2b-table
-bash: nft: command not found
and got error so in terminal I type # nftables
Code:
-bash: nftables: command not found

so then it must be using iptables. when i type in # iptables
i get
Code:
root@proxmox:~# iptables
iptables v1.8.7 (legacy): no command specified
Try `iptables -h' or 'iptables --help' for more information.

do I need to change this to nftables now? and if its better how can I do this ?

I had PVE setup before release of 7 and started with pve 6 then upgraded to latest version as of today pve-manager: 7.1-10 (running version: 7.1-10/6ddebafe)
and using Debian 11
Code:
root@proxmox:~# cat /etc/debian_version
11.2

I added the nftable rules you have here

Edit /etc/fail2ban/jail.d/defaults-debian.conf with the settings below to enable fail2ban to use nftables instead of iptables, as Debian has transitioned to nftables since version 10.


Code:
[DEFAULT]
banaction = nftables-multiport
banaction_allports = nftables-allports

but this will not work I guess cause based on what I see it's not installed

I don't mind doing a little work and installing nftables if its better since you say Debian 10 and up uses nftables.
Also seems iptables is legacy and shown in my terminal.

can anyone help me on how to do this so it will work correctly

Thanks so so much in advance

Kind Regards,

Spiro
 

Spirog

Found this from your link Version 10

nftables in Debian the easy way


If you want to enable a default firewall in Debian, follow these steps:

- Would I follow this guide first to install nftables?

Code:
# apt-get install nftables
# systemctl enable nftables.service

This way, nftables is active at boot. By default, rules are located in /etc/nftables.conf.

To stop nftables from doing anything, just drop all the rules:


Code:
# nft flush ruleset

To prevent nftables from starting at boot:

Code:
# systemctl mask nftables.service



To uninstall it and purge any traces of nftables in your system:

Code:
# aptitude purge nftables



Reverting to legacy xtables


You can switch back and forth between iptables-nft and iptables-legacy by means of update-alternatives (same applies to arptables and ebtables).


Question - Would I use this below after installing nftables?

Code:
The default starting with Debian 10 Buster:

# update-alternatives --set iptables /usr/sbin/iptables-nft
# update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
# update-alternatives --set arptables /usr/sbin/arptables-nft
# update-alternatives --set ebtables /usr/sbin/ebtables-nft


Question - and this would be if you only want to revert back to iptables?


Code:
Switching to the legacy version:

# update-alternatives --set iptables /usr/sbin/iptables-legacy
# update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# update-alternatives --set arptables /usr/sbin/arptables-legacy
# update-alternatives --set ebtables /usr/sbin/ebtables-legacy



FAQ

What is nftables?


Is the new framework by the Netfilter Project, allowing you to perform packet filtering (firewalling), NAT, mangling and packet classification.

Should I build a firewall using a nftables?

Question- does this mean I should uninstall iptables first then install nftables?
because it says yes and then - building new firewalls -----

Code:
Yes. Building new firewalls on top of iptables is discouraged. ??

Thank you again just want to make sure I get it right this is a production server

Spiro
 

hata_ph

@Spirog if your PVE use iptables instead of nftables, just ignore step 2 as fail2ban use iptables by default.
Configure step 4 to use pvedaemon instead of pmgdaemon.

Try wrongly log in your pve web and run command tail -f /var/log/fail2ban.log to view fail2ban in action or error.
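
Added example (not part of the thread, and not fail2ban's own code): a small Python check of why the PMG failregex from step 4 finds nothing on a PVE host until `pmgdaemon` is changed to `pvedaemon`. `HOST` is a simplified stand-in for fail2ban's `<HOST>` tag, the log lines are constructed with documentation addresses, and `would_ban` compares failure counts with `maxretry` without modelling `findtime`.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption): an optional
# IPv4-mapped prefix (::ffff:) followed by a dotted-quad IPv4 address.
# The real tag also accepts IPv6 addresses and hostnames.
HOST = r"(?:::f{4,6}:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines as posted in the thread: the PMG filter and the PVE variant.
FILTERS = {
    "pmg-web-auth": r"pmgdaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*",
    "proxmox": r"pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*",
}

# Constructed sample of /var/log/daemon.log. Addresses come from the
# documentation ranges (RFC 5737), not from the thread.
SAMPLE_LOG = """\
Dec 13 12:32:01 fdss01 systemd[1]: Started Proxmox VE replication runner.
Dec 13 12:32:18 fdss01 pvedaemon[5110]: authentication failure; rhost=::ffff:192.0.2.10 user=stratos@pam msg=no such user ('stratos@pam')
Dec 13 12:32:57 fdss01 pvedaemon[5110]: authentication failure; rhost=::ffff:192.0.2.10 user=stratos@pam msg=no such user ('stratos@pam')
Dec 13 12:40:02 fdss01 pvedaemon[5110]: authentication failure; rhost=198.51.100.7 user=root@pam msg=auth failed: Authentication failure
Sep 13 11:39:00 pmg pmgdaemon[32409]: authentication failure; rhost=::ffff:203.0.113.5 user=root@pam msg=auth failed: Authentication failure
"""


def compile_filter(failregex):
    """Expand the <HOST> tag and compile the failregex."""
    return re.compile(failregex.replace("<HOST>", HOST))


def failures_by_host(failregex, log_text):
    """Count matching log lines per source address (mapped prefix stripped)."""
    rx = compile_filter(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(failregex, log_text, maxretry):
    """Addresses whose failure count reaches maxretry (findtime not modelled)."""
    counts = failures_by_host(failregex, log_text)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in FILTERS.items():
        hits = failures_by_host(rx, SAMPLE_LOG)
        print(name, dict(hits), "ban at maxretry=2:", would_ban(rx, SAMPLE_LOG, 2))
```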
 

Spirog

OK I followed the directions and a
Thanks I did install nftables

Code:
root@proxmox:/# nft list table inet f2b-table
table inet f2b-table {
        set addr-set-sshd {
                type ipv4_addr
                elements = { 35.198.19.187, 42.200.78.78,
                             43.155.96.63, 60.173.239.156,
                             96.79.124.153, 106.75.229.155,
                             112.85.42.119, 122.194.229.38,
                             122.194.229.54, 129.28.177.29,
                             177.139.137.190 }
        }

        set addr-set-recidive {
                type ipv4_addr
                elements = { 61.177.173.30, 103.141.208.61,
                             111.67.194.92, 137.184.134.129,
                             138.68.4.8, 182.61.49.107,
                             223.167.111.63 }
        }

        chain f2b-chain {
                type filter hook input priority filter - 1; policy accept;
                tcp dport { 22 } ip saddr @addr-set-sshd reject
                meta l4proto { tcp } ip saddr @addr-set-recidive reject
        }
}
root@proxmox:/#

I did step 4 as you said pvedaemon

but just notice in the proxmox how to install fail2ban we have proxmox.conf

Code:
Add the following string to the end of this file /etc/fail2ban/jail.local :

[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600
Create the file /etc/fail2ban/filter.d/proxmox.conf :

[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
You can test your configuration trying to GUI login with a wrong password or user, and then issue the command :

fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf



so I believe this is a double correct? so I dont need to do step 3 or 4 in your instructions?



here is the output of fail2ban.log

Code:
root@proxmox:/# tail -f /var/log/fail2ban.log
2022-02-24 21:15:41,601 fail2ban.filter         [1948792]: INFO    [recidive] Found 122.194.229.38 - 2022-02-24 21:15:41
2022-02-24 21:18:45,491 fail2ban.filter         [1948792]: INFO    [sshd] Found 129.28.177.29 - 2022-02-24 21:18:45
2022-02-24 21:18:47,114 fail2ban.filter         [1948792]: INFO    [sshd] Found 129.28.177.29 - 2022-02-24 21:18:47
2022-02-24 21:18:47,836 fail2ban.actions        [1948792]: NOTICE  [sshd] Ban 129.28.177.29
2022-02-24 21:18:47,841 fail2ban.filter         [1948792]: INFO    [recidive] Found 129.28.177.29 - 2022-02-24 21:18:47
2022-02-24 21:19:03,409 fail2ban.filter         [1948792]: INFO    [sshd] Found 42.200.78.78 - 2022-02-24 21:19:03
2022-02-24 21:19:05,016 fail2ban.filter         [1948792]: INFO    [sshd] Found 42.200.78.78 - 2022-02-24 21:19:04
2022-02-24 21:19:05,079 fail2ban.actions        [1948792]: NOTICE  [sshd] Ban 42.200.78.78
2022-02-24 21:19:05,081 fail2ban.filter         [1948792]: INFO    [recidive] Found 42.200.78.78 - 2022-02-24 21:19:05
2022-02-24 21:20:00,361 fail2ban.actions        [1948792]: NOTICE  [sshd] Unban 92.255.85.237
2022-02-24 21:20:01,084 fail2ban.filter         [1948792]: INFO    [sshd] Found 60.173.239.156 - 2022-02-24 21:20:00
2022-02-24 21:20:02,745 fail2ban.filter         [1948792]: INFO    [sshd] Found 60.173.239.156 - 2022-02-24 21:20:02
2022-02-24 21:20:02,987 fail2ban.actions        [1948792]: NOTICE  [sshd] Ban 60.173.239.156
2022-02-24 21:20:02,994 fail2ban.filter         [1948792]: INFO    [recidive] Found 60.173.239.156 - 2022-02-24 21:20:02


not sure why sshd unban an IP this is really weird. or was that over the 1 hour it was banned possibly before and it unbans it after the 3600?

Code:
2022-02-24 21:20:00,361 fail2ban.actions        [1948792]: NOTICE  [sshd] Unban 92.255.85.237

Is there a way to use fail2ban and permanently block the IP's indefinitely ? not just ban for an hour or so. some of these ip's have been hitting my ssh for weeks I see them all the time. so wondering how I can use fail2ban to block them for good.

is there a rule after 3 maxtries they get ban for 6 hours and then if they continue they get blocked for 24 hrs and again forever ?

thanks so much for all your help. if you have a gofundme or a buyme a coffee link or (buyme a beer link :)

I would be more than willing to fund you for your help :)

Kind Regards,
Spiro
 

hata_ph

@Spirog, follow step 6 to enable the recidive filter and customize it based on your requirements.
Below are the default recidive settings from /etc/fail2ban/jail.conf. It will ban a recurrent IP hit within 1 day for 1 week.

Code:
[recidive]

logpath  = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime  = 1w
findtime = 1d

https://wiki.meurisse.org/wiki/Fail2Ban
 

Spirog

Thank you so much.... one last question, Do I remove (uninstall iptables or leave it be ?)

I totally appreciate your time and you as well..

Warm Regards,
Spiro
 

hata_ph

pls run apt search iptables | grep installed in terminal and provide the output.
 

Spirog

Code:
root@proxmox:/# apt search iptables | grep installed

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

ebtables/stable,now 2.0.11-4+b1 amd64 [installed]
fail2ban/stable,now 0.11.2-2 all [installed]
ipset/stable,now 7.10-1 amd64 [installed]
iptables/stable,now 1.8.7-1 amd64 [installed]
libip4tc0/now 1.8.2-4 amd64 [installed,local]
libip4tc2/stable,now 1.8.7-1 amd64 [installed,automatic]
libip6tc0/now 1.8.2-4 amd64 [installed,local]
libip6tc2/stable,now 1.8.7-1 amd64 [installed,automatic]
libipset11/now 6.38-1.2 amd64 [installed,local]
libipset13/stable,now 7.10-1 amd64 [installed,automatic]
libnftables1/stable,now 0.9.8-3.1 amd64 [installed,automatic]
libxtables12/stable,now 1.8.7-1 amd64 [installed]
nftables/stable,now 0.9.8-3.1 amd64 [installed]
root@proxmox:/#
 

hata_ph

@Spirog, you can remove iptables using the command apt-get remove iptables. But please make sure there are no other applications using iptables before removing it.

Btw, as mentioned before, fail2ban works with iptables by default. So unless you are very sure about removing iptables, I would recommend trying to use iptables first.
Just skip or revert step 2 and restart the fail2ban service, then monitor /etc/log/fail2ban.log again.
 

Spirog

I have a server and installed proxmox. then created 3 vm's 2 test and one production. all have cPanel installed with Almalinux OS
on the proxmox server there is nothing else installed just was a basic install of PVE to use so I can create VM's to test and 1 for production.

is it ok to just use nftables and leave iptables as is? or will fail2ban not work correctly as i have it now?
 

hata_ph

@Spirog, if you confirm your PVE no longer requires iptables, then it is OK to remove it.

I would recommend testing iptables first with fail2ban. If iptables works, then you can remove nftables since you just installed it recently.
 

Spirog

ok thanks i will test iptables and if work remove nftables thank you so much so sorry for the headache.. Man I do appreciate you so much for your time and troubles in helping me..

as I can confirm I have funds ready to buy you a beer or a coffee or ? thank you any time I will reply

OPA

Thank you again
Spiro
 