From 8283bdb32fce6c4101db825ade6573b36413d98c Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Thu, 2 Jul 2020 17:52:13 -0500
Subject: [PATCH] CentOS/RHEL 8 fix

- Fix fail2ban rules for nftables on CentOS/RHEL 8
---
 vpnsetup_centos.sh | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index ebb4d40..1f45268 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -381,15 +381,26 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
 EOF
 fi
 
-if [ ! -f /etc/fail2ban/jail.local ] ; then
+F2B_FILE="/etc/fail2ban/jail.local"
+if [ ! -f "$F2B_FILE" ]; then
   bigecho "Creating basic Fail2Ban rules..."
-cat > /etc/fail2ban/jail.local <<'EOF'
+cat > "$F2B_FILE" <<'EOF'
 [ssh-iptables]
-enabled = true
-filter = sshd
-action = iptables[name=SSH, port=ssh, protocol=tcp]
-logpath = /var/log/secure
+enabled = true
+filter = sshd
+logpath = /var/log/secure
 EOF
+
+  if [ "$use_nft" = "1" ]; then
+cat >> "$F2B_FILE" <<'EOF'
+port = ssh
+banaction = nftables-multiport[blocktype=drop]
+EOF
+  else
+cat >> "$F2B_FILE" <<'EOF'
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+EOF
+  fi
 fi
 
 bigecho "Updating IPTables rules..."
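Review bot: The nftables branch only takes effect when `$F2B_FILE` does not yet exist, so a host that already carries a jail.local from an earlier iptables-based run keeps `action = iptables[...]` even when `use_nft` is 1, and fail2ban would then try to ban through iptables on an nftables-only system. If leaving an existing file untouched is intended, a comment above the `if [ ! -f "$F2B_FILE" ]` guard such as `# existing jail.local is never rewritten; the nftables switch applies to fresh installs only` would make that explicit to whoever re-runs the script after an upgrade. The two branches are also written in different shapes (`action =` in one, `port =` plus `banaction =` in the other); moving `port = ssh` into the shared heredoc and keeping only the ban action in each branch would make them parallel and easier to compare. `use_nft` is assigned outside the hunk, so its default when unset cannot be confirmed from here, and the jail name `[ssh-iptables]` is now somewhat misleading on the nftables path.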