Your message dated Mon, 17 Feb 2020 11:45:04 +0100
with message-id <[email protected]>
and subject line closing for real
has caused the Debian Bug report #438901,
regarding [patch] only parse SYN packets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
438901: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438901
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fail2ban
Version: 0.8.1-1
Severity: wishlist
Tags: patch

--- Please enter the report below this line. ---

fail2ban generates rules for iptables matching only the port, for example:
-A INPUT -p tcp -m multiport --dports 22,115 -j fail2ban-ssh

This is bad, and can result in a nice DoS for NATed users if two users
share the same IP, and one fails 3 times to login, then all connections
(including already established ones) are banned.

Proposed solution: filter only SYN packets, so that established
connections are not affected, only new ones (patch attached for
iptables-multiport; the same solution could be applied to other actions as
well).

Regards,
Pierre

--- System information. ---
Architecture: amd64
Kernel:       Linux 2.6.21-2-amd64

Debian Release: lenny/sid
  500 unstable        ftp2.fr.debian.org

--- Package information. ---
Depends             (Version) | Installed
=============================-+-===========
python-central     (>= 0.5.8) | 0.5.14
python               (>= 2.4) | 2.4.4-6
iptables                      | 1.3.8.0debian1-1
lsb-base           (>= 2.0-7) | 3.1-24

--- iptables-multiport.conf	2007-05-19 13:04:58.000000000 +0200
+++ iptables-multiport-inl.conf	2007-08-20 18:01:49.000000000 +0200
@@ -13,13 +13,13 @@
 #
 actionstart = iptables -N fail2ban-<name>
               iptables -A fail2ban-<name> -j RETURN
-              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+              iptables -I INPUT -p <protocol> -m multiport --dports <port> --syn -m state --state NEW -j fail2ban-<name>
 
 # Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> --syn -m state --state NEW -j fail2ban-<name>
              iptables -F fail2ban-<name>
              iptables -X fail2ban-<name>
 
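Review bot: `--syn` is a match option of the TCP protocol match, so both rewritten lines in this hunk (the `actionstart` insert and the `actionstop` delete) will be refused by iptables for any jail whose `<protocol>` is not `tcp`, which turns the action into a silent no-op for those jails. `-m state --state NEW` already restricts the rule to new connections independently of protocol, so either drop `--syn` or state in the comment block above `actionstart` that this action is TCP-only. The `actionstop` line does keep the exact option string of the `actionstart` line, which `iptables -D` needs in order to find the rule to remove; that consistency should be preserved in whichever variant is chosen.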

--- End Message ---
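As an added illustration that is not part of Pierre's report or of fail2ban, the following Python models what the two rule templates from the patch do to traffic arriving from one NAT address that a brute-forcer shares with a colleague who already has an SSH session open. The two template strings are taken from the hunk; everything else (the `render`, `rule_options`, `rule_matches` and `affected` helpers, the `Packet` record and the sample traffic) is constructed here as a simplified model of iptables matching, and the model also reproduces the caveat that `--syn` is only accepted together with `-p tcp`.

```python
"""Model of how the original port-only fail2ban rule and the patched
--syn / --state NEW rule treat packets from a shared NAT address.
Added illustration; only the two template strings come from the patch."""
from dataclasses import dataclass
import shlex

OLD_ACTION = "iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>"
NEW_ACTION = ("iptables -I INPUT -p <protocol> -m multiport --dports <port> "
              "--syn -m state --state NEW -j fail2ban-<name>")


def render(template, name, protocol, port):
    """Fill in the <name>, <protocol> and <port> tags of an action template."""
    return (template.replace("<name>", name)
                    .replace("<protocol>", protocol)
                    .replace("<port>", port))


def rule_options(rule):
    """Constructed mini-parser: it understands only the options these two
    templates use, and mirrors iptables' refusal of --syn without -p tcp."""
    argv = shlex.split(rule)
    opts = {"proto": None, "ports": set(), "syn": False, "state": None}
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == "-p":
            opts["proto"] = argv[i + 1]
            i += 1
        elif arg == "--dports":
            opts["ports"] = {int(p) for p in argv[i + 1].split(",")}
            i += 1
        elif arg == "--syn":
            opts["syn"] = True
        elif arg == "--state":
            opts["state"] = argv[i + 1]
            i += 1
        i += 1
    if opts["syn"] and opts["proto"] != "tcp":
        raise ValueError("--syn requires -p tcp, iptables would reject: %r" % rule)
    return opts


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    syn_only: bool   # SYN set and ACK clear, which is what --syn tests
    state: str       # conntrack verdict: "NEW" or "ESTABLISHED"


def rule_matches(opts, pkt):
    """Would this packet be diverted into the fail2ban-<name> chain?"""
    if pkt.proto != opts["proto"] or pkt.dport not in opts["ports"]:
        return False
    if opts["syn"] and not pkt.syn_only:
        return False
    if opts["state"] is not None and pkt.state != opts["state"]:
        return False
    return True


# Constructed traffic from one NAT address (203.0.113.10 is a documentation
# address) shared by a brute-forcer and a colleague with an open SSH session.
NAT_IP = "203.0.113.10"
TRAFFIC = [
    Packet(NAT_IP, "tcp", 22, True, "NEW"),            # brute-forcer opening another connection
    Packet(NAT_IP, "tcp", 22, False, "ESTABLISHED"),   # colleague's existing SSH session, mid-stream
    Packet(NAT_IP, "tcp", 22, True, "NEW"),            # colleague opening a new SSH connection
    Packet(NAT_IP, "tcp", 443, False, "ESTABLISHED"),  # unrelated HTTPS traffic on an unguarded port
]


def affected(template, name="ssh", protocol="tcp", port="22,115"):
    """Return the sample packets the rendered rule would send to the ban chain."""
    opts = rule_options(render(template, name, protocol, port))
    return [p for p in TRAFFIC if p.src == NAT_IP and rule_matches(opts, p)]


if __name__ == "__main__":
    for label, template in (("old", OLD_ACTION), ("new", NEW_ACTION)):
        print(label, [(p.dport, p.state) for p in affected(template)])
```

The old template diverts the colleague's established session along with the new attempts, which is the collateral ban the report describes; the new template only catches the two new connection attempts, so an open session survives while new logins from the shared address are still blocked for the length of the ban. Rendering the new template with `protocol="udp"` raises, which is the model's way of showing that the patched action only loads for TCP jails.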
--- Begin Message ---
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team