For now I'm testing some workable cases, and I have implemented several jails:
# ll /etc/fail2ban/jail.d/
total 48
-rw-r--r--. 1 root root 26 Nov 28 10:32 dovecot.local
-rw-r--r--. 1 root root 509 Nov 28 08:19 httpd.local
-rw-r--r--. 1 root root 202 Nov 29 04:14 jail.local
-rw-r--r--. 1 root root 61 Nov 28 17:11 mysql-auth.local
-rw-r--r--. 1 root root 45 Nov 29 04:08 pam-generic.local
-rw-r--r--. 1 root root 26 Nov 28 10:29 postfix.local
-rw-r--r--. 1 root root 28 Nov 28 10:34 recidive.local
-rw-r--r--. 1 root root 74 Nov 28 10:16 roundcubemail.local
-rw-r--r--. 1 root root 24 Nov 28 10:32 sieve.local
-rw-r--r--. 1 root root 28 Nov 28 10:10 sogo.local
-rw-r--r--. 1 root root 81 Nov 28 17:41 sshd.local
-rw-r--r--. 1 root root 88 Nov 28 10:25 vsftpd.local
I believe that my issues came from the pam-generic jail, which has an action iptables-allports… Most of the time I have just enabled the jail (enabled = true), but I wonder whether I need to provide a full jail configuration in each local file. Indeed, the rpm can be updated by the fail2ban team with other configurations that could lead to bugs.
I also planned to provide a jail for nginx; I suppose that you use ports 443 and 80?
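An added example (not part of the original post, and not fail2ban's own code): a small Python audit that lists, for each jail enabled under jail.d/, which settings are not set in any .local file and therefore come from the packaged jail.conf. The file contents, the list of settings to check and the function names are constructed for illustration.

```python
import configparser

# Settings to check for a local override (this selection is an assumption).
PINNED_KEYS = ("banaction", "port", "filter", "logpath", "maxretry")

def parse_local(text):
    """Parse one jail.d/*.local file into {section: {key: value}}."""
    # RawConfigParser: no %(...)s interpolation. The custom default_section
    # makes [DEFAULT] an ordinary section, so its keys do not leak into jails.
    cp = configparser.RawConfigParser(default_section="__none__", strict=False)
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def inherited_settings(local_files):
    """Return {jail: [PINNED_KEYS not set locally]} for locally enabled jails."""
    jails, local_default = {}, {}
    for name in sorted(local_files):  # jail.d files are read alphabetically
        for section, opts in parse_local(local_files[name]).items():
            if section == "DEFAULT":
                local_default.update(opts)
            elif section != "INCLUDES":
                jails.setdefault(section, {}).update(opts)
    report = {}
    for jail, opts in jails.items():
        if opts.get("enabled", "false").strip().lower() != "true":
            continue
        # A key counts as pinned if the jail or a local [DEFAULT] sets it.
        report[jail] = [k for k in PINNED_KEYS
                        if k not in opts and k not in local_default]
    return report

# Constructed sample contents, not the files from the post.
SAMPLE = {
    "pam-generic.local": "[pam-generic]\nenabled = true\n",
    "sshd.local": ("[sshd]\nenabled = true\nport = ssh\n"
                   "banaction = iptables-multiport\nmaxretry = 5\n"),
    "jail.local": "[DEFAULT]\nbantime = 3600\nmaxretry = 3\n",
}

if __name__ == "__main__":
    for jail, missing in inherited_settings(SAMPLE).items():
        print(f"{jail}: inherited from packaged config -> {missing or 'nothing'}")
```

On a live host, `fail2ban-client -d` dumps the configuration that fail2ban actually resolved.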