Your message dated Sat, 24 Sep 2011 03:03:09 +0000
with message-id <[email protected]>
and subject line Bug#554162: fixed in fail2ban 0.8.5-2
has caused the Debian Bug report #554162,
regarding fail2ban: sometimes(frequently) fails to load iptable rules with
multiple jails
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
554162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554162
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fail2ban
Version: 0.8.4-1
Severity: important
Hi,
I have problems with using several jails. It was there before, but didn't hit
so hard as today, when i was unable to restart fail2ban cleanly , i was trying
it for maybe 50 times (changing configs, installing python2.4 ...etc).
I seems to fail to execute iptables in correct orderd leading to something like
this in its output
-----
iptables: Resource temporarily unavailable.
iptables: No chain/target/match by that name.
iptables v1.4.4: Couldn't load target
`fail2ban-proftpd':/lib/xtables/libipt_fail2ban-proftpd.so: cannot open shared
object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
2009-11-03 14:29:14,591 fail2ban.actions.action: ERROR iptables -N
fail2ban-proftpd
iptables -A fail2ban-proftpd -j RETURN
iptables -I INPUT -p tcp -m multiport --dports ftp,ftp-data,ftps,ftps-data -j
fail2ban-proftpd returned 200
-----
Seems like last rule is executed when chain is not ready
This problem is reported upstream, i think
http://sourceforge.net/tracker/?func=detail&aid=2870788&group_id=121032&atid=689044
With patch
http://sourceforge.net/tracker/?func=detail&aid=2857096&group_id=121032&atid=689046
Patch applies fine and seems to help, but I have to use
action = %(action_)s
instead of action_m
action_m = %(banaction)s[name=%(__name__)s, port="%(port)s",
protocol="%(protocol)s]
%(mta)s[name=%(__name__)s, dest="%(destemail)s",
protocol="%(protocol)s]
action = %(action_m)s
or provided
action = %(action_mw)s
With regards
Libor
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.29-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages fail2ban depends on:
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii python 2.5.4-2 An interactive high-level object-o
ii python-central 0.6.11 register and build utility for Pyt
Versions of packages fail2ban recommends:
ii iptables 1.4.4-2 administration tools for packet fi
ii whois 4.7.32 an intelligent whois client
Versions of packages fail2ban suggests:
ii bsd-mailx [mailx] 8.1.2-0.20081101cvs-2 A simple mail user agent
pn python-gamin <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: fail2ban
Source-Version: 0.8.5-2
We believe that the bug you reported is fixed in the latest version of
fail2ban, which is due to be installed in the Debian FTP archive:
fail2ban_0.8.5-2.diff.gz
to main/f/fail2ban/fail2ban_0.8.5-2.diff.gz
fail2ban_0.8.5-2.dsc
to main/f/fail2ban/fail2ban_0.8.5-2.dsc
fail2ban_0.8.5-2_all.deb
to main/f/fail2ban/fail2ban_0.8.5-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yaroslav Halchenko <[email protected]> (supplier of updated fail2ban
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 23 Sep 2011 22:12:08 -0400
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.5-2
Distribution: unstable
Urgency: low
Maintainer: Yaroslav Halchenko <[email protected]>
Changed-By: Yaroslav Halchenko <[email protected]>
Description:
fail2ban - ban hosts that cause multiple authentication errors
Closes: 554162
Changes:
fail2ban (0.8.5-2) unstable; urgency=low
.
* [5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock
server's executeCmd to prevent racing among iptables calls (Closes:
#554162) Many kudos go to Michael Saavedra for the patch
Checksums-Sha1:
f760f9b74d8f3ea6052e7564bc3c627b7b1ac0d2 1211 fail2ban_0.8.5-2.dsc
0c9ce1a4bf6b604787af8cffdb1325033e0b0532 30828 fail2ban_0.8.5-2.diff.gz
557cb5e47b84bc637c2c14cbcde98890067a6d3c 98940 fail2ban_0.8.5-2_all.deb
Checksums-Sha256:
b5f31f19370447f627512377b16e6b52425025e893c1cac7b400c2fa843d3984 1211
fail2ban_0.8.5-2.dsc
225b1780fbb73d08a5db9d3b51868cc0fdffe197d7f0e6b97cee84f13be0aa34 30828
fail2ban_0.8.5-2.diff.gz
188d5856b20078ee4991798ad620798dbb17781d8e3fcba69b88b23747394d3a 98940
fail2ban_0.8.5-2_all.deb
Files:
5fcc95cbd5d386167bcd93fec3fdefda 1211 net optional fail2ban_0.8.5-2.dsc
6d3cf4924e62453bec9e8badb2a8daae 30828 net optional fail2ban_0.8.5-2.diff.gz
0155c6860c74a204554c993dc7ad09eb 98940 net optional fail2ban_0.8.5-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk59QEIACgkQjRFFY3XAJMgkrwCdGcVGtIOBod3CI/my35jKrR5l
2x0AoKc+UCStUIS5/UZNgS/2HegUkJ0v
=2Gel
-----END PGP SIGNATURE-----
--- End Message ---
