lelutin / puppet-fail2ban

Manage fail2ban and its jails with puppet
GNU General Public License v3.0

--dports all is invalid for iptables #27

Closed alisonjenkins closed 6 years ago

alisonjenkins commented 6 years ago

Hey Lelutin,

When using the port specification 'all' as shown in the documentation:

fail2ban::jail { 'jenkins':
  port    => 'all',
  filter  => 'jenkins',
  logpath => '/var/log/jenkins.log',
}

iptables returns:

iptables -w -I INPUT -p tcp -m multiport --dports all -j f2b-ssh -- stderr: "iptables v1.4.21: invalid port/service `all' specified\nTry `iptables -h' or 'iptables --help' for more information.\n"

At some point in either the jail.pp define or the erb template all should probably be converted to '1:65535'.

I have submitted a PR to do this in the jail define.

Are you happy with this approach or can you think of a better way to do this?

Thanks,

Alan Jenkins
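
An added example (not code from this issue, the pull request, or the puppet-fail2ban module): a pre-flight check that applies the 'all' to '1:65535' conversion proposed above and flags other `port` values that `iptables -m multiport --dports` would reject, so that a jail does not fail to install its rule. It goes beyond the reported case by also checking numeric range and the multiport limit of 15 ports (a range counts as two). The function names and the sample jail settings are constructed for illustration, and any non-numeric name other than 'all' is assumed to be a service name that iptables can resolve.

```python
import configparser

MULTIPORT_MAX = 15  # iptables multiport limit; a range "a:b" counts as two ports

# Constructed sample of rendered jail settings (not taken from the issue).
SAMPLE_JAILS = """
[jenkins]
port = all
[ssh]
port = ssh,2222
[web]
port = 80,443,8000:8100
[broken]
port = 70000,1:2,3:4,5:6,7:8,9:10,11:12,13:14,15:16
"""

def normalize_port(spec):
    """Return (normalized_spec, problems) for one jail 'port' value."""
    if spec.strip().lower() == "all":
        return "1:65535", []  # the conversion proposed in the issue
    problems, slots, tokens = [], 0, []
    for token in (t.strip() for t in spec.split(",")):
        parts = token.split(":")
        slots += len(parts)
        tokens.append(token)
        if len(parts) > 2 or not all(parts):
            problems.append(f"malformed range {token!r}")
            continue
        for p in parts:
            if p.isdecimal() and int(p) > 65535:
                problems.append(f"port {p} out of range")
            elif p.lower() == "all":
                problems.append("'all' inside a list is rejected by iptables")
            # Assumption: any other name is a service iptables can resolve.
    if slots > MULTIPORT_MAX:
        problems.append(f"{slots} ports exceed multiport limit of {MULTIPORT_MAX}")
    return ",".join(tokens), problems

def check_jails(text):
    """Map each jail section that sets 'port' to (normalized_spec, problems)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return {name: normalize_port(cfg[name]["port"])
            for name in cfg.sections() if "port" in cfg[name]}

if __name__ == "__main__":
    for jail, (port, problems) in check_jails(SAMPLE_JAILS).items():
        print(jail, port, problems or "ok")
```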

alisonjenkins commented 6 years ago

The PR mentioned is: https://github.com/lelutin/puppet-fail2ban/pull/28

lelutin commented 6 years ago

Hi there Alan, and thanks for reporting this.

Could you provide a bit more information about the setup that is seeing the error? What is your distribution and release, and what is the version of fail2ban?

alisonjenkins commented 6 years ago

Hey Lelutin,

Sorry for the delay in replying. Here are the versions:

CentOS Linux release 7.2.1511 (Core)
iptables 1.4.21
fail2ban 0.9.6-3.el7

Thanks,

Alan Jenkins

lelutin commented 6 years ago

whoosh! it's been forever since I touched this module :(

thanks a bunch for the added information!

I was able to reproduce this problem with the snippet you provided when opening this issue, on debian stretch with fail2ban 0.9.6

using "all" textually used to work with fail2ban 0.8.x but it doesn't anymore.

your suggestion in the pull request seems good. I'll test it out and if it works, I'll merge it

lelutin commented 6 years ago

I've merged and pushed your pull request to fix this issue! the fix you suggested was actually always useful so I took it out of the if block.

I've added some other fixes and support for debian stretch (minimally tested), and released a new version, 2.0.0 that contains the fix to this issue.

thanks for your help!

alisonjenkins commented 6 years ago

Hey Lelutin,

No problem, thanks for getting that sorted :+1:.

Thanks,

Alan Jenkins

On Tue, 7 Nov 2017, 12:32 Gabriel Filion, notifications@github.com wrote:

I've merged and pushed your pull request to fix this issue! the fix you suggested was actually always useful so I took it out of the if block.

I've added some other fixes and support for debian stretch (minimally tested), and released a new version, 2.0.0 that contains the fix to this issue.

thanks for your help!
