From 4309a11968b65e3bef3b17b360055be097146cd6 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Wed, 14 Jun 2006 16:22:43 +0000 Subject: [PATCH] rm options adjusted, README.Debian to fix 373592 --- config/debian-initd | 2 +- debian/README.Debian | 13 +++++++++++++ debian/changelog | 9 +++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/config/debian-initd b/config/debian-initd index a6373ce6ad..bfcb3371cd 100644 --- a/config/debian-initd +++ b/config/debian-initd @@ -61,7 +61,7 @@ do_start() # we need to remove pid file or fail2ban would refuse to start # probably check could be ommited but... better be safe pidofproc $NAME $PIDFILE > /dev/null - [ $? -eq 2 ] && rm -rf $PIDFILE + [ $? -eq 2 ] && rm -f $PIDFILE start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 diff --git a/debian/README.Debian b/debian/README.Debian index 1f175a7f92..156f2ff871 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -23,6 +23,8 @@ next release which would handle split configuration files. Default behavior: ----------------- +* Enabled Sections: + Only handling of ssh files is enabled by default. If you want to use fail2ban with apache, please enable apache section manually in /etc/fail2ban.conf or enable section using command line parameter -e 
@@ -33,6 +35,17 @@ N.B. '-e' command line parameter is present solely in Debian release of fail2ban, thus it will not work if you decided to proceed with vanilla upstream. +* Multiport banning: + +Comment for the wishlist #373592. +Default iptables rules for banning use --dport statement which allows to +ban just a single port. For multiport banning you would need to adjust iptables +rules to use multiport module ( -m multiport --dports %(port)s ). If you would +like to ban all ports for that host, just redefine fwban/fwunban commands to +don't have --dport %(port)s statement at all (can be redefined on per-section +basis as well) +Such option is not enabled by default since multiport module might not be +compiled for some hand compiled kernels. Troubleshooting: --------------- diff --git a/debian/changelog b/debian/changelog index 6b3c9a8960..47049a9391 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +fail2ban (0.6.1-9) unstable; urgency=low + + * Adjusted rm commands in init script to don't use -r for removal of + the pidfile (thanks Stephen Gran) + * Added clarification about multiport banning to README.Debian + (closes: #373592) + + -- Yaroslav Halchenko Wed, 14 Jun 2006 12:05:44 -0400 + fail2ban (0.6.1-8) unstable; urgency=low * Removed bashism (arrays) from init.d script to make it POSIX shell
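Review bot: in the config/debian-initd hunk (do_start), the changed line still expands the variable unquoted: `[ $? -eq 2 ] && rm -f $PIDFILE`. This init script runs as root, so a PIDFILE value containing whitespace or glob characters would be split or expanded before rm sees it. Dropping -r is the right change, since a pid file is a regular file and a recursive delete only widens the damage if the variable is ever wrong. I would go one step further and write `rm -f -- "$PIDFILE"`, and quote `$PIDFILE` the same way in the `pidofproc` line just above it.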
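Review bot: in the debian/README.Debian "Multiport banning" hunk, the paragraph tells the reader to redefine fwban/fwunban but never says the two must be changed together. If fwunban removes the rule by its specification, an unban command that no longer mirrors the ban command will fail to delete it and the host stays blocked. It would help to say that explicitly, and to note that dropping `--dport %(port)s` blocks the host from every service rather than only the one being watched. Wording: "to don't have --dport %(port)s statement at all" should read "so that they do not contain the --dport %(port)s statement", "basis as well)" needs a full stop before "Such option", and "Comment for the wishlist #373592." is a changelog reference that can be dropped from user-facing documentation.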
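Review bot: in the debian/changelog hunk, the first bullet says "Adjusted rm commands" (plural), but the diffstat and the config/debian-initd hunk show a single changed rm invocation in do_start. Suggest "Adjusted rm command in init script not to use -r when removing the pidfile", which also fixes the "to don't use" phrasing. A few words on why -r was dropped would also help, so the entry records the reason and not just the edit.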