For what it’s worth, if you use the fail2ban-firewalld package, it uses ipset rather than iptables, which is more efficient.
That’s in CentOS 7 though.
CentOS 8 firewalld uses nft instead of the older netfilter (iptables/ipset) code.
Is that an improvement? I'm still running CentOS 7 so I'm not familiar with it.