Dear Martin,

OK, I see it more clearly now, but the reason is the same: confusion
between interpolated values and those substituted by fail2ban (which is a
limited set of names). So whenever you provide parameters for an action,
like

iptables[bla=zzz]

"bla" has to be handled as a fail2ban config parameter (the ones now found in <>).
Here I managed to confuse you and myself in my first reply.

Since config files are loaded separately in pairs (.conf, .local),
interpolations do not penetrate from one to another, thus whatever is
defined (besides the fail2ban parameter mentioned above) in a section
within jail.conf has to be passed as a fail2ban action parameter.
In your config you mixed up the two:

[Definition]
actionstart = iptables -N fail2ban-<name>
              iptables -I <fwchain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
              %(post_start_commands)s
actionstop = <pre_end_commands>
 ....
Do you see the problem???


Indeed, the difference between interpolations and parameters to actions
is worth documenting: I will add a note to README.Debian. I will close
this bug after introducing the respective documentation.

Please find my fix to your configuration attached...

> So my question is how I can override the defaults from the jail
> configuration.
Simply by redefining it in jail.local. In your case you are not only
redefining it but trying to introduce additional parameters into the action
and mixing up parameters and interpolations.

-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]


Attachment: fail2ban.martin.tgz
Description: application/tar-gz
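
The distinction described in the message above, as an added example that is not part of the original e-mail and is not fail2ban's own code: a simplified Python model in which the jail file and the action file are read by separate configparser instances, so %(name)s resolves only within its own file while <tag> values arrive as action parameters. The sample configs, the helper names and the comma-split parameter parser are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample files (not Martin's attached config). The jail file and the
# action file are read by separate parsers, modelled here by two strings.
JAIL = """
[ssh]
post_start_commands = iptables -A extra -j LOG
action = iptables[name=SSH, port=ssh, protocol=tcp, fwchain=INPUT, post_start_commands=%(post_start_commands)s]
"""
ACTION_MIXED = """
[Definition]
actionstart = iptables -N fail2ban-<name>
    iptables -I <fwchain> -p <protocol> --dport <port> -j fail2ban-<name>
    %(post_start_commands)s
"""
# Same action with the jail-defined value referenced as a <tag> parameter instead.
ACTION_FIXED = ACTION_MIXED.replace("%(post_start_commands)s", "<post_start_commands>")

def load(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser

def parse_action(spec):
    """Split 'iptables[a=b, c=d]' into ('iptables', {'a': 'b', 'c': 'd'})."""
    match = re.fullmatch(r"([\w-]+)\[(.*)\]", spec.strip(), re.S)
    pairs = (item.split("=", 1) for item in match.group(2).split(","))
    return match.group(1), {k.strip(): v.strip() for k, v in pairs}

def render_actionstart(jail_text, action_text, jail="ssh"):
    # %(...)s is resolved here, inside the jail file only.
    _, params = parse_action(load(jail_text).get(jail, "action"))
    # Raises InterpolationMissingOptionError if the action file uses a
    # %(...)s name that only exists in the jail file.
    command = load(action_text).get("Definition", "actionstart")
    # <tag> substitution from the action parameters; unknown tags stay visible.
    return re.sub(r"<(\w+)>", lambda m: params.get(m.group(1), m.group(0)), command)

def mixed_config_fails():
    try:
        render_actionstart(JAIL, ACTION_MIXED)
    except configparser.InterpolationMissingOptionError:
        return True
    return False

if __name__ == "__main__":
    print("mixed config rejected:", mixed_config_fails())
    print(render_actionstart(JAIL, ACTION_FIXED))
```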
