Hey Josh and team,
I recently added a fail2ban jail to filter out HTTP requests from clearly malicious users, and in the course of doing so I noticed that IPs that should have been banned did not show up in iptables rules.
I changed the configuration of fail2ban to use ufw instead of iptables, and upon restart the target IPs show up in ufw ban rules. (In the right place even — ufw rules are numbered so if you want to ALLOW ALL and then selectively REJECT, the REJECT rule must have a lower number than the ALLOW rule).
It makes sense to use Ubuntu’s default firewall, ufw, for MIAB, since MIAB is configured to run only on Ubuntu.
Is the current configuration (using iptables) a case of accepting the default setting, or was there a specific design decision there?
If the former, I would suggest making the change – and would happily add a PR.