The naughty way is to edit /etc/fail2ban/action.d/iptables.conf or /etc/fail2ban/action.d/iptables-multiport.conf or whatever action file your jail is using and change the actionstart command and add "2" after the <chain> bit so "<chain> -p" becomes "<chain> 2 -p". The ideal way is to add your own .local file which overrides the actionstart section.
Nick

On 01/10/2016 12:03, Marcus Schopen wrote:
> Hi,
>
> is there a way to say fail2ban to insert its rules on position 2 in
> INPUT chain? This is why I'd like to insert ipset blacklists on position
> 1 before fail2ban. At boot time I manage this by running an init.d
> script after fail2ban. But as soon as I restart fail2ban after some
> changes, it pushes itself back on position 1 in INPUT chain.
>
> Ciao
> Marcus
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
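A check to run after restarting fail2ban, added here as an example and not part of the original thread: it reads `iptables -S INPUT` output and confirms that the ipset rule still precedes the first fail2ban jump. The sample listings, the set name `blacklist` and the jail name `sshd` are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample output of `iptables -S INPUT` (not captured from a real host).
# After a fail2ban restart with the stock action: its jump is back at position 1.
SAMPLE_AFTER_RESTART='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
# With actionstart changed to insert at position 2: the ipset rule stays first.
SAMPLE_WITH_OVERRIDE='-P INPUT ACCEPT
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# rule_order: read `iptables -S <chain>` on stdin and print two numbers:
# position of the first ipset match and of the first fail2ban jump (0 = none).
# Chain names f2b-<name> and fail2ban-<name> are both accepted.
rule_order() {
    awk '
        $1 == "-A" {
            pos++
            if (!set_pos && / --match-set /) set_pos = pos
            if (!f2b_pos && / -j (f2b|fail2ban)-/) f2b_pos = pos
        }
        END { printf "%d %d\n", set_pos, f2b_pos }
    '
}

# blacklist_first: succeed only if an ipset rule exists and precedes
# every fail2ban jump in the listing on stdin.
blacklist_first() {
    set -- $(rule_order)
    [ "$1" -gt 0 ] && { [ "$2" -eq 0 ] || [ "$1" -lt "$2" ]; }
}

# Demo on the constructed samples; on a live host pipe in `iptables -S INPUT`.
for sample in "$SAMPLE_AFTER_RESTART" "$SAMPLE_WITH_OVERRIDE"; do
    if printf '%s\n' "$sample" | blacklist_first; then
        echo "OK: ipset blacklist is evaluated before fail2ban"
    else
        echo "WRONG ORDER: fail2ban jump precedes the ipset blacklist"
    fi
done
```

On a live host, run `iptables -S INPUT | blacklist_first` as root after each fail2ban restart. Inserting at position 2 only works when the chain already holds at least one rule, so the ipset rule has to be in place before fail2ban starts.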
