On 03/23/2011 09:19 PM, Yaroslav Halchenko wrote:
> don't we want it to be "active" in the default configuration, i.e.
> actually have the commented out
>
> actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name
> fail2ban- -j DROP
You're right, of course.
> 2. in defaults file
Hi Zbigniew,
thanks for taking time with completing this little project ;)
few questions:
1. in the action.d file:
> +#safeguard in case the fail2ban process dies unexpectedly. The
> +#shorter of the two timeouts actually matters.
> +# actionstart = iptables -I INPUT -m recent --update -
Hi Yaroslav,
I've prepared an updated patch. Most changes are in comments. The
iptables rule which I previously proposed was unnecessarily
complicated. Just one line is enough. I've added it as an
'actionstart' rule in the action file. It can be used directly if
fail2ban runs as root. If fail2ban
oops -- I originally misread the subject as talking about squeeze ;)
as for wheezy -- I guess there should be no problem. I would just need
to find some time ;-)
On Thu, 10 Mar 2011, Yaroslav Halchenko wrote:
> unfortunately I am not sure if release team would agree to accept it
> since this is
Hi Zbyszek,
sorry that I've not followed up on the original report you submitted...
it is indeed an interesting approach
please send a patch for init.d script so it would allow it to operate as
root by default, and if /etc/default/fail2ban defines "the user" to
operate as -- it uses it to start
Hi,
if you'd be willing to merge something like this, I'd be happy to
provide whatever help I can. If this would be useful, I can prepare a
more complete patch (including /etc/init.d/fail2ban and
/etc/logrotate.d/fail2ban changes).
Best,
Zbyszek
--
To UNSUBSCRIBE, email to debian-bugs-dist
6 matches
Mail list logo