Netfilter-persistent et fail2ban
Il peut donc être intéressant de rajouter un fichier de plugin qui se charge de redémarrer fail2ban à chaque fois que le netfilter-persistent est redémarré.
Editer le fichier /usr/share/netfilter-persistent/plugins.d/30-fail2ban :
#!/bin/bash
# This script is a plugin of netfilter-persistent.
# Please put it into /usr/share/netfilter-persistent/plugins.d
# NOTE: Ensure this file is executable.
set -e
rc=0
case "$1" in
start)
# Do not start if the network is not yet enabled : hang booting
systemctl status fail2ban > /dev/null && systemctl restart fail2ban
restart|reload|force-reload)
# Do not start if the network is not yet enabled : hang booting
systemctl status fail2ban > /dev/null && systemctl restart fail2ban
;;
save)
;;
stop)
systemctl stop fail2ban
;;
flush)
;;
*)
echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
exit 1
;;
esac
exit $rc
Rendre exécutable : chmod +x /usr/share/netfilter-persistent/plugins.d/30-fail2ban
