On Wed, Oct 12, 2005 at 11:24:53AM -0400, Yaroslav Halchenko wrote: > Hi > > I've hacked a fix for the problem of "missing chain". Could you please > try the most recent version (not yet in Debian mainstream) available > from > > http://itanix.rutgers.edu/rumba/dists/unstable/perspect/binary-all/net/ > > While upgrading you might need to update your config file with a fresh > one shipped with the package (as the WARNING might state) > > I would greatly appreciate your feedback.
I'm running mostly testing, and did a regular upgrade to 0.5.4-5 and then got your recent (-5.14) deb and installed it. My style is to keep my old config file and then merge in the changes and restart after the main install is done. 1. The most substantive thing I notice is that the ignoreip configuration setting does not seem to be used--that is, I see no sign of it in my iptables -nvL rules. I have that option set, though it's set to the same value as the default (I set it before the current default was in effect.) 2. You have a number of multi-line options without the \ character in the config file. E.g., fwend. Do the later lines actually get used? A related question: do the multiple lines of, e.g., fwcheck, all get used appropriately? 3. The [EMAIL PROTECTED] should solve the mail problems, but it is potentially very confusing for someone who redirects their mail. As I mentioned earlier, there must be a standard way to solve the problem, though I don't know what it is. One could generate a domain name with shell magic trying /etc/mailname, hostname --fqdn (hmm, the latter gives localhost for me--but I'm not configured properly), and localhost as a last resort. 4. The latest Debian changelog entry includes " Implemented automatic restart of fail2ban main function in case if check of fwban or fwban command failed" Should both of those fwban's be there? It would be more idiomatic to delete the "if" after "in case." 5. For you reference, fail2ban (0.5.4-3) unstable; urgency=low * Resolved the mistery The word is "mystery." 6. Since I didn't update the configuration file, after the initial install I got "Starting fail2ban: 2005-10-18 12:11:45,656 WARNING: No 'reinittime' defined in 'DEFAULT' 2005-10-18 12:11:45,663 WARNING: No 'maxreinits' defined in 'DEFAULT' fail2ban. " It wasn't entirely clear to me whether fail2ban was running in this case, though I think it was (since it's only a warning). To clarify this, you might add "defaulting to maxreinits = -1" or whatever the default behavior is. As I mentioned, I subsequently edited the configuration file and restarted the demon. Thanks. Ross Boylan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]