> I'm probably not aware of all the implications of different > misconfigurations, but I thought 329163 was about the problems that > happen if, for example, fail2ban-ssh is missing. In contrast, in the > case I'm thinking of, fail2ban-ssh (the table) is present, but there > are no references to it from the INPUT table. You do have deeper understanding of the problem and outcomes than I do ;-) I didn't bother to bisect the problem in two (missing fail2ban chaing, missing -j to the chain) because either of them is bad. You are 100% right that outcomes are different, but I think that the solution to both bug reports should come as a 1 piece ;-)
> My understanding of 329163, or even the consequences of the scenario I
> describe, may be faulty. I agree that both problems arise from the
> general category "somebody messes with the tables after fail2ban runs."
> > note in README.Debian. Hopefully soon (if there will be not that many
> > bug reports) recent fail2ban will get into testing, thus the others will
> > see that note :-)
> This wish was mostly for some more documentation, so if it's already
> done my wish has been granted :)
I might adjust README.Debian to reflect the two-fold problem as you
brought it up. So, in any way, discussion was useful - thank you.
I will merge this bug with #329163 so we the issue open till we fix it
in a proper way
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
pgpp0OzKUNzTn.pgp
Description: PGP signature
