Bug#773863: fail2ban: jail name is too long

Wed, 24 Dec 2014 02:09:47 -0800 

Package: fail2ban
Version: 0.8.6-3wheezy3
Severity: minor

Hello,

If you enable the apache-overflows jail, fail2ban reports the following:

fail2ban.actions.action: ERROR  iptables -N fail2ban-apache-overflows
iptables -A fail2ban-apache-overflows -j RETURN
iptables -I INPUT 1 -p tcp -m multiport --dports http,https -j 
fail2ban-apache-overflows
iptables -N fail2ban-apache-overflows-log
iptables -I fail2ban-apache-overflows-log -j LOG --log-prefix "$(expr 
fail2ban-apache-overflows : '\(.\{1,23\}\)'):DROP " --log-level warning -m 
limit --limit 6/m --limit-burst 2
iptables -A fail2ban-apache-overflows-log -j DROP returned 200

this is because chain name must be shorter than 29 characters:
# iptables -N fail2ban-apache-overflows-log
iptables v1.4.14: chain name `fail2ban-apache-overflows-log' too long (must be 
under 29 chars)
Try `iptables -h' or 'iptables --help' for more information.

The solution here is to rename the jail to something shorter.

Best regards,
Ghostdog

-- System Information:
Debian Release: 7.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages fail2ban depends on:
ii  lsb-base        4.1+Debian8+deb7u1
ii  python          2.7.3-4+deb7u1
ii  python-central  0.6.17

Versions of packages fail2ban recommends:
ii  iptables      1.4.14-3.1
ii  python-gamin  0.1.10-4.1
ii  whois         5.1.1~deb7u1

Versions of packages fail2ban suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20111106cvs-1+deb7u1

-- Configuration Files:
/etc/fail2ban/action.d/iptables-multiport-log.conf changed [not included]
/etc/fail2ban/action.d/iptables-multiport.conf changed [not included]
/etc/fail2ban/action.d/iptables-new.conf changed [not included]
/etc/fail2ban/action.d/iptables.conf changed [not included]
/etc/fail2ban/filter.d/postfix.conf changed [not included]

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to