Greetings,
I have Fail2ban v0.11.1 running on FreeBSD 12.0.
The following jail works just fine:
=========================
[DEFAULT]
banaction = pf
[ssh-pf]
enabled = true
port = 22322
filter = sshd
maxretry = 3
logpath = /var/log/auth.log
findtime = 600
bantime = 6h
=========================
Though when I do something like this:
=========================
[DEFAULT]
banaction = pf
[ssh-pf]
enabled = true
port = 22322
filter = sshd
maxretry = 3
action = pf
logpath = /var/log/auth.log
findtime = 600
bantime = 6h
=========================
I'm getting the following error:
echo "block quick proto tcp from <f2b-ssh-pf> to any port $port" | pfctl -a f2b/ssh-pf -f-
2020-03-25 07:32:35,880 fail2ban.utils [10959]: ERROR 8024382b0 -- stderr: 'stdin:1: syntax error'
2020-03-25 07:32:35,881 fail2ban.utils [10959]: ERROR 8024382b0 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2020-03-25 07:32:35,881 fail2ban.utils [10959]: ERROR 8024382b0 -- returned 1
^^^^^^^^ because $port is not defined, so it looks like when I explicitly
define "action = pf" under a jail section --> the jail's "port" option is
ignored. Is that normal behavior?
Another quick question I was not able to google: is the option banaction
an alias for action, so you don't really care which to use?
Thanks
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
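
An added example, not part of the original post and not fail2ban's own code: a Python sketch of the option interpolation behind the two jails above. It assumes the stock jail.conf pattern in which `action` defaults to `%(action_)s` and `action_` is built from `banaction` and `port`; `STOCK_DEFAULTS`, `resolve_action`, `action_params` and `pf_rule` are hypothetical names, and both configs are constructed from the post.

```python
import configparser
import re

# Constructed, simplified stand-in for the stock jail.conf defaults
# (assumption: modelled on the upstream action_/banaction pattern).
STOCK_DEFAULTS = """
[DEFAULT]
protocol = tcp
banaction = iptables-multiport
action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s"]
action = %(action_)s
"""

# The two jails from the post, reduced to the options that matter here.
WORKING = """
[DEFAULT]
banaction = pf
[ssh-pf]
port = 22322
"""
FAILING = WORKING + "action = pf\n"   # explicit action, no [port=...] parameters


def resolve_action(jail_local: str, jail: str) -> str:
    """Return the fully interpolated 'action' value for one jail."""
    cp = configparser.ConfigParser()
    cp.read_string(STOCK_DEFAULTS)
    cp.read_string(jail_local)        # later reads override earlier ones
    return cp.get(jail, "action")


def action_params(action: str) -> dict:
    """Parse name[key="value", ...] into the parameters handed to the action."""
    m = re.fullmatch(r'\s*[\w-]+(?:\[(.*)\])?\s*', action)
    body = m.group(1) or ""
    return dict(re.findall(r'(\w+)="?([^",\]]*)"?', body))


def pf_rule(action: str, jail: str) -> str:
    """Render the rule line seen in the log, filling $port from the parameters."""
    port = action_params(action).get("port", "")   # unset -> empty, as in the shell
    return f"block quick proto tcp from <f2b-{jail}> to any port {port}"


if __name__ == "__main__":
    for label, conf in (("working", WORKING), ("failing", FAILING)):
        act = resolve_action(conf, "ssh-pf")
        print(f"{label}: action={act!r} rule={pf_rule(act, 'ssh-pf')!r}")
```

Under that assumption, `banaction` is a variable substituted into the default `action`, so a bare `action = pf` replaces the whole expansion and no `port` parameter reaches the action. Writing `action = pf[port="%(port)s"]` passes it explicitly.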