Closed alisonjenkins closed 6 years ago
The PR mentioned is: https://github.com/lelutin/puppet-fail2ban/pull/28
Hi there Alan, and thanks for reporting this.
Could you provide a bit more information about the setup that is seeing the error? what is your distribution and release, and what is the version of fail2ban?
Hey Lelutin,
Sorry for the delay in replying. Here are the versions:
CentOS Linux release 7.2.1511 (Core)
iptables 1.4.21
fail2ban 0.9.6-3.el7
Thanks,
Alan Jenkins
whoosh! it's been forever since I touched this module :(
thanks a bunch for the added information!
I was able to reproduce this problem with the snippet your provided when opening this issue, on debian stretch with fail2ban 0.9.6
using "all" textually used to work with fail2ban 0.8.x but it doesn't anymore.
your suggestion in the pull request seems good. I'll test it out and if it works, I'll merge it
I've merged and pushed your pull request to fix this issue! the fix you suggested was actually always useful so I took it out of the if block.
I've added some other fixes and support for debian stretch (minimally tested), and released a new version, 2.0.0 that contains the fix to this issue.
thanks for your help!
Hey Lelutin,
No problem thanks for getting that sorted :+1:.
Thanks,
Alan Jenkins
On Tue, 7 Nov 2017, 12:32 Gabriel Filion, notifications@github.com wrote:
I've merged and pushed your pull request to fix this issue! the fix you suggested was actually always useful so I took it out of the if block.
I've added some other fixes and support for debian stretch (minimally tested), and released a new version, 2.0.0 that contains the fix to this issue.
thanks for your help!
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/lelutin/puppet-fail2ban/issues/27#issuecomment-342468718, or mute the thread https://github.com/notifications/unsubscribe-auth/ABHzCBcK7HhPX7nUTCp9ggJN6DVBhKPmks5s0E33gaJpZM4PtvqC .
Hey Lelutin,
When using the port specification 'all' as shown in the documentation:
iptables returns:
iptables -w -I INPUT -p tcp -m multiport --dports all -j f2b-ssh -- stderr: "iptables v1.4.21: invalid port/service `all' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"
At some point in either the jail.pp define or the erb template all should probably be converted to '1:65535'.
I have submitted a PR to do this in the jail define.
Are you happy with this approach or can you think of a better way to do this?
Thanks,
Alan Jenkins