I am utilizing the
geoip to solely enable visitors from some international locations and
fail2ban basically to dam scans.
I am conscious of fail2ban itself managing the persistence of its guidelines. Now I additionally need my geoip guidelines to be persistent, utilizing
My (potential) downside: When
iptables-persistent restores the principles it makes use of
iptables-restore < /and many others/iptables/guidelines.v4 with out the
-n possibility, which signifies that all present guidelines shall be overwritten.
I now concern race situations on system startup the place
fail2ban is mid or completed restoring its guidelines an then
iptables-restore overwrites every part.
At the moment I’ve put the
-n choice to
/usr/share/netfilter-persistent/plugins.d/15-ip4tables which shall be known as by
iptables-persistent however modifying some scripts managed by the package deal is feasible no good thought because it could possibly be overwritten by an replace.
Is there a secure or normal method to restore iptables guidelines with out potential conflicts with the fail2ban service beginning up? Or is it assured that
iptables-restore will run earlier than the beginning of