Open alexghergh opened 2 years ago
Hmm...
I guess in such case (fail2ban sending mails), it can either get Wants=
or Requires=
dependency.
Isn't it simply feasible in your local override.conf (systemctl edit fail2ban
)?
Although we could indeed change the ordering dependency in: https://github.com/fail2ban/fail2ban/blob/92d5455bdd5df080863a030258e290d44e6e10a6/files/fail2ban.service.in#L4
@fail2ban/maintainers what do you think about possible consequences (e. g. certain delay of fail2ban start, platform dependency or some system constellation, etc)?
Thanks for the quick answer!
Indeed it seems to work if I modify the local override.conf file. Seems a bit unintuitive to have to override this setting, however it makes sense that you would want to start fail2ban immediately after the software establishes the network interface. This leaves open the aforementioned case, though.
Environment:
Output of
uname -a
:Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux
The issue:
When the system boots, the fail2ban service fails to send an email to an outside system, due to failed DNS name resolution. This happens due to the fact that the systemd
fail2ban.service
unit doesn't wait for IP address acquisition before startingfail2ban
.Steps to reproduce
Have fail2ban send an email to an outside system (in my case,
google.com
email address) when jails are started (refer to config below).Expected behavior
The email would be sent normally.
Observed behavior
The email gets stuck in a
dead.letter
inside the user's home directory.Any additional information
Configuration, dump and another helpful excerpts
Any customizations done to /etc/fail2ban/ configuration
Relevant parts of /var/log/fail2ban.log file:
The systemd fail2ban unit file has the following line as an
After
:For the issue above to be fixed, the line should be changed to:
From the Freedesktop systemd man page:
I am aware that this issue doesn't necessarily affect
fail2ban
itself, but rather an external tool thatfail2ban
is using.