I know that by default, webmin iptables shows you the config file, and not any "temporary" rules running in iPTables. And yes, I know there is an option to change the module config so you can edit the iptable rules directly allowing you to see all currently running rules/chains/etc.
What I don't know, is what is the "expected" behavior of fail2ban in webmin's IP tables config.
i.e. Should all of the fail2ban chains be saved to the iptables config, or should the fail2ban chains only be in the active rules (i.e. you wouldn't see the chains when editing the iptables config in webmin, but you can see the fail2ban chains from CLI when viewing the iptables active rule set.
Here's a screen shot of the iptables INPUT config on 2 servers that have identical fail2ban configurations (same active jails/filters/config/etc.)
Fail2Ban is running on both....viewing the active rules from cli with iptables -L shows the active iptables ruleset is identical. The only differnence is on the left side, the fail2ban chains aren't saved in the webmin iptables config file, and on the right side those fail2ban chains are saved in the webmin iptables config.
Which one is the correct/right/most secure way for it to be?