Fail2Ban: iptables not found

Fix the Fail2Ban 'iptables: not found' error on systems using nftables as the default firewall backend.

Fail2Ban logs "iptables: not found" when the iptables binary is not installed on a system using nftables as the default firewall.

When Fail2Ban Produces This Error

Fail2Ban writes "/bin/sh: 1: iptables: not found" to /var/log/fail2ban.log when attempting to ban an IP. The ban action fails and the IP is not blocked.

What Causes "iptables not found" in Fail2Ban

Modern Debian and Ubuntu installations use nftables as the default firewall backend and do not install the iptables binary. Fail2Ban defaults to the iptables-multiport ban action, which requires the iptables command.

How to Fix "iptables not found" in Fail2Ban

Switch Fail2Ban to use nftables instead of iptables. Edit /etc/fail2ban/jail.local:

[DEFAULT]
banaction = nftables-multiport
banaction_allports = nftables-allports

Restart Fail2Ban:

sudo systemctl restart fail2ban

How to Verify the Fix

The Fail2Ban log should show successful ban operations without iptables errors:

sudo tail -20 /var/log/fail2ban.log
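
To check the log mechanically rather than by eye, the following added example (not part of Fail2Ban) counts "iptables: not found" errors logged since the most recent daemon start. It assumes a start is logged with a line containing "Starting Fail2ban"; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether "iptables: not found" still appears in the
# Fail2Ban log after the most recent daemon start.
# Assumption: each daemon start logs a line containing "Starting Fail2ban".

# check_f2b_log FILE
# Prints "errors=N bans=M" for the period since the last start and
# returns 1 if any iptables error remains, 0 otherwise.
check_f2b_log() {
    awk '
        /Starting Fail2ban/   { errors = 0; bans = 0 }  # reset at each restart
        /iptables: not found/ { errors++ }              # ban action failed
        / NOTICE .* Ban /     { bans++ }                # ban was attempted
        END {
            printf "errors=%d bans=%d\n", errors, bans
            exit (errors > 0)
        }
    ' "$1"
}

# write_sample_log FILE
# Constructed sample (not real output): a ban that fails before the fix,
# a restart, then a ban with no action error after it.
# A "Ban" notice is logged even when the action fails, so the error count,
# not the ban count, is what shows whether the fix worked.
write_sample_log() {
    cat > "$1" <<'EOF'
2024-05-01 10:00:00,100 fail2ban.server  [900]: INFO    Starting Fail2ban v1.0.2
2024-05-01 10:05:12,200 fail2ban.actions [900]: NOTICE  [sshd] Ban 192.0.2.10
2024-05-01 10:05:12,210 fail2ban.utils   [900]: ERROR   7f0000000000 -- stderr: '/bin/sh: 1: iptables: not found'
2024-05-01 10:20:00,100 fail2ban.server  [950]: INFO    Starting Fail2ban v1.0.2
2024-05-01 10:31:40,300 fail2ban.actions [950]: NOTICE  [sshd] Ban 192.0.2.10
EOF
}

# Usage on a real system (reading the log may require sudo):
#   check_f2b_log /var/log/fail2ban.log
```

A result of errors=0 with bans greater than 0 means at least one ban ran after the restart without the iptables error.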