Package: fail2ban
Version: 0.5.2-4
Severity: wishlist

It would be good to note that if the user has or modifies the INPUT
chain they will need to include rules (and their names) to keep
fail2ban working.

I didn't appreciate this and accidentally disabled it.

Also, I'm not sure if the rules will be in place properly if one
restarts the system.  I gather the fail2ban daemon inserts appropriate
rules into the INPUT chain (do I mean table?), but I'm not sure how
the timing of that works out relative to other spots the user might
set firewall rules (e.g., via /etc/network/interfaces or other
scripts).

The desirable behavior is not clear to me.  On the one hand, if
fail2ban starts late, the firewall rules are likely to be around, and
it's less likely fail2ban's rule will be overwritten.  That seems
good, particularly because someone who just installs it will have a
working system.

On the other hand, if someone wants to control exactly where the
fail2ban rules are activated, they will want to install the rules
manually and not have fail2ban and a potential duplicate at another
position.

Possible solutions: add a config and startup option to control whether
fail2ban rewrites INPUT.  Or scan the existing INPUT table to see if a
reference to the fail2ban-xxx chain is already present, and insert the
reference only if it is missing.

The minimalist solution is just documenting what's going on and
leaving it to the administrator to be sure things are OK.


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27advncdfs
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages fail2ban depends on:
ii  iptables                      1.3.3-2    Linux kernel 2.4+ iptables adminis
ii  python                        2.3.5-3    An interactive high-level object-o

fail2ban recommends no packages.

-- no debconf information
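The "scan the existing INPUT chain and insert the reference only if it is missing" suggestion above, as an added example that is not part of the bug report or of the fail2ban package. It assumes fail2ban's usual chain layout (a per-jail chain named fail2ban-<jail> reached by a jump from INPUT) and reads the ruleset in iptables-save format from a variable, so it can be checked offline against constructed text; the `iptables -C` check is not available on iptables 1.3.x, which is why the ruleset text is parsed instead.

```shell
#!/bin/sh
# Added example, not the fail2ban project's own code.
# Idempotent check that INPUT still references a fail2ban chain, so an
# administrator who rewrites INPUT can re-add the jump without creating
# a duplicate. Chain name and port are assumptions for illustration.

# has_chain RULESET CHAIN -> 0 if the chain is declared (":CHAIN - [0:0]")
has_chain() {
    printf '%s\n' "$1" | grep -q "^:$2 "
}

# has_jump RULESET CHAIN -> 0 if some INPUT rule already jumps to CHAIN
has_jump() {
    printf '%s\n' "$1" | grep -q "^-A INPUT .*-j $2\$"
}

# needed_commands RULESET CHAIN PORT -> prints only the iptables commands
# still required (nothing when both chain and jump are already present)
needed_commands() {
    ruleset=$1
    chain=$2
    port=$3
    has_chain "$ruleset" "$chain" || printf 'iptables -N %s\n' "$chain"
    has_jump "$ruleset" "$chain" ||
        printf 'iptables -I INPUT -p tcp --dport %s -j %s\n' "$port" "$chain"
}

# Constructed sample ruleset: the admin has rewritten INPUT and lost the
# jump to fail2ban-ssh, although the chain itself still exists.
SAMPLE_RULESET=':INPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT'

# Running this script prints the single command needed for the sample:
#   iptables -I INPUT -p tcp --dport 22 -j fail2ban-ssh
needed_commands "$SAMPLE_RULESET" fail2ban-ssh 22
```

On a live system the same check would be run as root against the real ruleset, e.g. `needed_commands "$(iptables-save)" fail2ban-ssh 22 | sh`, from whichever script applies the firewall rules (an `up` hook in /etc/network/interfaces, for instance). The pattern only inspects INPUT for a jump to the named chain, so a jump placed by the administrator at a different position is respected rather than duplicated, which is the behaviour the report asks for.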
