Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fail2Ban DROP instead REJECT
#Depending on version one of the following files must exist
root@host:/ nano /etc/fail2ban/action.d/iptables-blocktype.conf
or
root@host:/ nano /etc/fail2ban/action.d/iptables-common.conf
comment the line
#blocktype = REJECT --reject-with icmp-port-unreachable
create the line
blocktype = DROP
@radjah

This comment has been minimized.

Copy link

commented Feb 8, 2019

Write it to iptables-common.local

@caffeinatedgoat

This comment has been minimized.

Copy link

commented Jun 2, 2019

Why is the default REJECT? Surely DROP is better?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.