
I have

Rocky 8, PHP 8.1, Apache/2.4.37 (rocky)

Firewalld blocking thousands and thousands of IPs

enabled with `firewall-cmd --permanent --zone=block --add-source=ipset:block_ips`

When I reboot the server, firewalld blocks the httpd server and I can't access the webpage.

My solution is to restart the firewall and everything is OK again.

Firewalld is enabled and it shouldn't be necessary to restart firewalld again on every reboot, but I need to do that. Any ideas on how to solve this?

EDIT:

1- Running fail2ban;

2- `firewall-cmd --list-all` doesn't have any kind of useful information;

3- On ipset I made:

`firewall-cmd --permanent --new-ipset=block_countries --type=hash:net --option=family=inet --option=hashsize=4096 --option=maxelem=999999`

`firewall-cmd --permanent --zone=block --add-source=ipset:block_countries`

`firewall-cmd --permanent --ipset=block_countries --add-entries-from-file=/uilas/blacklist/block_countries`

pata2004
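The ipset procedure from the question, as an added example that is not part of the original post: a POSIX sh script that validates the blocklist file (plain IPv4 addresses or CIDR prefixes, which is what a `hash:net` set accepts) and checks the entry count against `maxelem` before handing the file to `firewall-cmd`. The set name, file path, limit and sample entries are constructed placeholders; the `firewall-cmd` calls mirror the question's commands and only run when `load_blocklist` is invoked.

```shell
#!/bin/sh
# Added example: pre-flight checks for a firewalld ipset blocklist.

# Return 0 if every non-empty, non-comment line is an IPv4 address or
# IPv4 CIDR prefix; otherwise print the offending lines and return 1.
validate_blocklist() {
    file="$1"
    rc=0
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if ! printf '%s\n' "$line" | grep -Eq "^($octet\\.){3}$octet(/([0-9]|[12][0-9]|3[0-2]))?\$"; then
            printf 'invalid entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$file"
    return $rc
}

# Count loadable entries (skip blank lines and comments) so the set's
# maxelem can be checked before firewall-cmd silently drops entries.
count_entries() {
    grep -Ecv '^[[:space:]]*(#|$)' "$1"
}

# Create the ipset, load the file into it and attach it to the block zone,
# exactly as in the question, but only after the file passes validation.
load_blocklist() {
    set_name="$1"
    file="$2"
    maxelem="${3:-999999}"
    validate_blocklist "$file" || return 1
    n=$(count_entries "$file")
    if [ "$n" -gt "$maxelem" ]; then
        printf 'blocklist has %s entries, exceeds maxelem %s\n' "$n" "$maxelem" >&2
        return 1
    fi
    firewall-cmd --permanent --new-ipset="$set_name" --type=hash:net \
        --option=family=inet --option=hashsize=4096 --option=maxelem="$maxelem" &&
    firewall-cmd --permanent --ipset="$set_name" --add-entries-from-file="$file" &&
    firewall-cmd --permanent --zone=block --add-source="ipset:$set_name" &&
    firewall-cmd --reload
}

# Write a small constructed blocklist (documentation ranges only) and
# print its path, so the checks above can be exercised without root.
make_sample_blocklist() {
    f=$(mktemp)
    printf '%s\n' \
        '# constructed sample, not a real blocklist' \
        '198.51.100.0/24' \
        '203.0.113.0/24' \
        '192.0.2.7' > "$f"
    printf '%s\n' "$f"
}
```

Run `validate_blocklist /path/to/list && count_entries /path/to/list` before `load_blocklist block_countries /path/to/list 999999`; an entry the validator rejects is the usual reason `--add-entries-from-file` leaves the set smaller than the file.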
  • Have you checked what `--list-all` says when the server is locked? How is the ipset managed? Are you running fail2ban? – Ginnungagap Mar 18 '23 at 07:13
  • Hi @Ginnungagap, 1- Yes, I'm running fail2ban; 2- `firewall-cmd --list-all` doesn't have any kind of useful information; 3- On ipset I made: `firewall-cmd --permanent --new-ipset=block_countries --type=hash:net --option=family=inet --option=hashsize=4096 --option=maxelem=999999` `firewall-cmd --permanent --zone=block --add-source=ipset:block_countries` `firewall-cmd --permanent --ipset=block_countries --add-entries-from-file=/uilas/blacklist/block_countries` – pata2004 Mar 18 '23 at 16:13
  • Try disabling fail2ban and see if you still have the issue; my guess would be not. Also feel free to add information to your question, which has better formatting support than comments. – Ginnungagap Mar 18 '23 at 17:08
  • Thanks @Ginnungagap, you are right, the issue is on fail2ban – pata2004 Mar 20 '23 at 20:53

1 Answer

Disabling apache-botsearch on fail2ban solves the issue

pata2004
  • The issue is likely that fail2ban injects its rules by default as the first rule of the input chain (for legacy iptables) or a `filter - 1` priority table meaning some of your expected rules might not apply. It also has a whitelist option to avoid blocking your own IPs. – Ginnungagap Mar 20 '23 at 21:05
  • When you restart firewalld, rules not managed by firewalld get removed which explains why restarting it fixed the issue. – Ginnungagap Mar 20 '23 at 21:07
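The two fixes discussed in the answer and its comments, as an added example that is not part of the original post: a `jail.local` override that disables the `apache-botsearch` jail, whitelists the administrator's own addresses with `ignoreip`, and switches fail2ban's ban action to a `firewallcmd-*` action so its bans are created through firewalld rather than as raw iptables rules that firewalld does not know about (the comment above explains that such rules disappear on a firewalld restart). The address `203.0.113.10` is a constructed placeholder.

```ini
# /etc/fail2ban/jail.local (added example; not from the question or answer)

[DEFAULT]
# Addresses fail2ban must never ban. Replace the placeholder with your
# real management address(es); loopback is kept so local checks still work.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

# Create bans through firewalld instead of inserting iptables rules
# behind its back, so a firewalld reload or restart does not silently
# drop (or reorder) them.
banaction = firewallcmd-ipset

[apache-botsearch]
# The jail the answer disables; it bans clients that probe for paths
# that do not exist on the site, which also caught the admin here.
enabled = false
```

After editing, apply it with `fail2ban-client reload`, and confirm which jails are active and who is currently banned with `fail2ban-client status` and `fail2ban-client status <jail>`; a locked-out address can be released with `fail2ban-client set <jail> unbanip <address>` without restarting firewalld.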