[pkg-netfilter-team] Bug#923000: iptables-apply does not restart fail2ban when reverting
Richard Lewis
richard.lewis.debian at googlemail.com
Fri Feb 22 21:12:41 GMT 2019
Package: iptables
Version: 1.6.0+snapshot20161117-6
Severity: normal
File: /sbin/iptables-apply
Tags: patch
Dear Maintainer,
iptables-apply stops fail2ban (line 48) but only
restarts it if it gets to line 291. If rules were
reverted, line 291 is not executed and the system
is not in the same state as before.
I suggest restarting fail2ban in revertrules as well.
--- /usr/sbin/iptables-apply 2017-04-12 10:41:06.000000000 +0100
+++ /tmp/iptabls-appply.new 2019-02-22 13:24:30.361996547 +0000
@@ -122,6 +122,7 @@
echo -n "Reverting to old iptables rules... "
"$RESTORE" <"$TMPFILE"
echo "done."
+ [ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban start
}
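Review bot: the added line is now the last command of the function, so on a host without an executable /etc/init.d/fail2ban the "[ -x ... ] &&" list fails at the test and the function returns non-zero even though the revert itself succeeded. If the caller checks that status, or the script runs under "set -e", a successful revert would be treated as a failure; writing it as "if [ -x /etc/init.d/fail2ban ]; then /etc/init.d/fail2ban start; fi" keeps the return status clean. The line also starts fail2ban whether or not it was running before the script stopped it, so recording that state where the service is stopped and restarting only when it was running would restore the previous state more exactly.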
-- System Information:
Debian Release: 9.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages iptables depends on:
ii libc6 2.24-11+deb9u4
ii libip4tc0 1.6.0+snapshot20161117-6
ii libip6tc0 1.6.0+snapshot20161117-6
ii libiptc0 1.6.0+snapshot20161117-6
ii libnetfilter-conntrack3 1.0.6-2
ii libnfnetlink0 1.0.1-3
ii libxtables12 1.6.0+snapshot20161117-6
iptables recommends no packages.
Versions of packages iptables suggests:
ii kmod 23-2
-- no debconf information