reopen 860397 found 860397 0.8.13-1 stop Hi Yaroslav,
I'm assuming the original bug submitter had the jail.conf copied to jail.local for customization. This is the error I get on an upgrade from jessie to stretch, with the default config from jessie: > ERROR Failed during configuration: While reading from > '/etc/fail2ban/jail.conf' [line 155]: option 'port' in section 'pam-generic' > already exists The relevant config snipped is: ----8<------8<------8<------8<------8<------8<------8<------8<------8<-- [pam-generic] enabled = false # pam-generic filter can be customized to monitor specific subset of 'tty's filter = pam-generic # port actually must be irrelevant but lets leave it all for some possible uses port = all banaction = iptables-allports port = anyport logpath = /var/log/auth.log maxretry = 6 ----8<------8<------8<------8<------8<------8<------8<------8<------8<-- Commenting out "port = anyport" lets fail2ban cleanly restart again. So the mistake is shipped in the jessie package, and upgrading causes fail2ban to fail to restart. It looks like the fail2ban parser in 0.8.13 doesn't care about duplicate port parameters. I recommend fixing the bug in jessie (removing the line in postinst) to ensure a smooth upgrade. It's safe to remove that line in jessie, fail2ban continues to work there. Regards, Lee