firewall: replace iptables with nftables (#2505)

* first adjustments to use Fail2Ban with nftables * replace `iptables` -> `nftables` and adjust tests nftables lists IPs a bit differently , so the order was adjusted for the tests to be more flexible. * line correction in mailserver.env * change from `.conf` -> `.local` and remove redundant config * revert HEREDOC to `echo` Co-authored-by: Casper <casperklein@users.noreply.github.com>
2025-08-31 06:15:28 +00:00 · 2022-04-05 15:13:59 +02:00
parent 7c150402a0
commit a9305a073f
10 changed files with 42 additions and 72 deletions
--- a/target/scripts/startup/setup-stack.sh
+++ b/target/scripts/startup/setup-stack.sh
@@ -1144,7 +1144,7 @@ function _setup_fail2ban
  _log 'debug' 'Setting up Fail2Ban'
  if [[ ${FAIL2BAN_BLOCKTYPE} != 'reject' ]]
  then
-    echo -e '[Init]\nblocktype = DROP' >/etc/fail2ban/action.d/iptables-common.local
+    echo -e '[Init]\nblocktype = drop' >/etc/fail2ban/action.d/nftables-common.local
  fi
 }