Bug#1049452: fail2ban should use nftables by default.

[Luca Capello]

fixed 1049452 1.0.2-3
user l...@pca.it
Usertags 1049452 + pca.it-security
thanks

Hi there,

On Wed, 16 Aug 2023 09:50:30 +1000, Peter Chubb wrote:
>   iptables is deprecated; fail2ban can use nft instead.
>   Please make nftables the default banning method in 
>   /etc/fail2ban/jail.conf, and consider changing the Recommends: 
>   to a Depends: for nftables.

I just got hit by this as well (plus the systemd backend issue) and
after some research I found out that Sylvestre Ledru released a fixed
package one week ago already, albeit IMHO this needs a
stable-backports or, better, a stable-proposed-updates (thus not
closing this bug):

  
   


Thx, bye,
Gismo / Luca


signature.asc
Description: PGP signature

Bug#1049452: fail2ban should use nftables by default.

[Peter Chubb]

Package: fail2ban
Version: 1.0.2-2
Severity: wishlist

Dear Maintainer,

iptables is deprecated; fail2ban can use nft instead.
Please make nftables the default banning method in 
/etc/fail2ban/jail.conf, and consider changing the Recommends: 
to a Depends: for nftables.

-- System Information:
Debian Release: 12.1
  APT prefers stable
  APT policy: (1002, 'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-1-amd64 (SMP w/28 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fail2ban depends on:
ii  python3  3.11.2-1+b1

Versions of packages fail2ban recommends:
ii  nftables   1.0.6-2+deb12u1
ii  python3-pyinotify  0.9.6-2
ii  python3-systemd235-1+b2
ii  whois  5.5.17

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]8.1.2-0.20220412cvs-1
pn  monit
ii  rsyslog [system-log-daemon]  8.2302.0-1
pn  sqlite3  


-- no debconf information