In the jail.local template, the fail2ban_action variable is wrapped with %( ... )s. This should not be the case - it is inconsistent with the way fail2ban_banaction is handled, but more importantly it prevents action parameters from being passed. Action parameters are added in square-brackets, and often contain individual python variables that are individually wrapped in %( ). See http://serverfault.com/a/629568 for a description.
The problem with fixing this is that the change will be backwards-breaking. Users should always have been including the %( ) in their fail2ban_action vars themselves, but will have had to strip them because the template includes them.
The fix is simple. But it would need highlighting in the docs so that people will see it straight away if they update and wonder why fail2ban won't start any more :)
In the jail.local template, the
fail2ban_action
variable is wrapped with%( ... )s
. This should not be the case - it is inconsistent with the way fail2ban_banaction is handled, but more importantly it prevents action parameters from being passed. Action parameters are added in square-brackets, and often contain individual python variables that are individually wrapped in%( )
. See http://serverfault.com/a/629568 for a description.The problem with fixing this is that the change will be backwards-breaking. Users should always have been including the
%( )
in theirfail2ban_action
vars themselves, but will have had to strip them because the template includes them.The fix is simple. But it would need highlighting in the docs so that people will see it straight away if they update and wonder why fail2ban won't start any more :)