
Bug 301139

Summary: net-analyzer/fail2ban-0.8.4: logrotate script purges fail2ban chains from iptables when run.
Product: Gentoo Linux Reporter: Harley Peters <harley>
Component: New packages    Assignee: Gentoo Netmon project <netmon>
Status: RESOLVED FIXED
Severity: enhancement    CC: hwoarang, m.kefeder
Priority: High
Version: unspecified
Hardware: x86
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Harley Peters 2010-01-15 21:13:52 UTC
When the included logrotate script is used it will purge the chains created by fail2ban from iptables (removes all banned IP addresses).

The line:
/usr/bin/fail2ban-client reload 1>/dev/null || true

Should be changed to:
/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true

In the case of fail2ban, reload does more than just reload the config.


Reproducible: Always

Steps to Reproduce:
1. Install fail2ban.
2. Enable some rules.
3. Confirm fail2ban has banned some IPs.
4. Monitor when the log file is rotated by logrotate and watch your banned IPs get removed from iptables.

Actual Results:
All banned IPs get removed when the log file is rotated.

Expected Results:
The log file should get rotated without removing banned IPs from iptables.
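The following is an added example, not part of this bug report or of the Gentoo fail2ban package. It reconstructs the two postrotate variants described above as constructed logrotate stanzas (the `missingok`/`notifempty` directives around them are assumptions; only the `fail2ban-client` lines come from the report) and adds a small hypothetical helper, `check_postrotate`, that audits a logrotate file for the chain-flushing `reload` call so the regression can be caught before the file ships.

```shell
#!/bin/sh
# Added example, not part of the Gentoo bug or the fail2ban package: audit a
# logrotate config for the postrotate command discussed in bug 301139.
# The stanza layout (missingok/notifempty) is an assumption; only the
# postrotate lines come from the bug report.

# Constructed sample: the stanza as shipped, which runs 'fail2ban-client reload'
# after rotation and so flushes the fail2ban iptables chains.
BAD_STANZA='/var/log/fail2ban.log {
    missingok
    notifempty
    postrotate
        /usr/bin/fail2ban-client reload 1>/dev/null || true
    endscript
}'

# Constructed sample: the corrected stanza, which only points fail2ban at the
# freshly created log file and leaves the ban chains untouched.
GOOD_STANZA='/var/log/fail2ban.log {
    missingok
    notifempty
    postrotate
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true
    endscript
}'

# check_postrotate FILE (hypothetical helper)
# Prints "reload" (and returns 1) when a postrotate block runs
# 'fail2ban-client reload', "logtarget" when it uses 'set logtarget',
# and "none" otherwise. Comment lines inside the block are ignored.
check_postrotate() {
    file="$1"
    # Keep only the postrotate ... endscript region, minus comment lines.
    hooks=$(sed -n '/^[[:space:]]*postrotate/,/^[[:space:]]*endscript/p' "$file" \
            | grep -v '^[[:space:]]*#' || true)
    if printf '%s\n' "$hooks" | grep -Eq 'fail2ban-client[[:space:]]+reload'; then
        echo reload
        return 1
    fi
    if printf '%s\n' "$hooks" | grep -Eq 'fail2ban-client[[:space:]]+set[[:space:]]+logtarget'; then
        echo logtarget
        return 0
    fi
    echo none
    return 0
}

# Stand-alone demo: write both samples to temporary files and audit them.
main() {
    dir=$(mktemp -d)
    printf '%s\n' "$BAD_STANZA" > "$dir/fail2ban-logrotate.orig"
    printf '%s\n' "$GOOD_STANZA" > "$dir/fail2ban-logrotate.fixed"
    for f in "$dir"/fail2ban-logrotate.*; do
        verdict=$(check_postrotate "$f") || true
        echo "$f: postrotate uses $verdict"
    done
    rm -rf "$dir"
}
main
```

Because `check_postrotate` returns non-zero for the `reload` case, it can be wired into a packaging or configuration-management check so that a logrotate file which would empty the ban tables on every rotation fails before it reaches a host.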
Comment 1 Michael Kefeder 2010-05-18 05:11:50 UTC
I can confirm this problem, and that the proposed fix works.
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2010-11-05 15:01:28 UTC
+*fail2ban-0.8.4-r1 (05 Nov 2010)
+
+  05 Nov 2010; Markos Chandras <hwoarang@gentoo.org>
+  +files/fail2ban-0.8.4-hashlib.patch, files/fail2ban-logrotate,
+  +fail2ban-0.8.4-r1.ebuild, +files/fail2ban-0.8.4-sshd-breakin.patch:
+  Bugfix revision. Fixes bug 260337,283629,301139,315073,343955. Thanks to
+  Robert Trace <bugzilla-gentoo@farcaster.org>, Harley Peters
+  <harley@thepetersclan.com> for the patches.
+
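Review bot: the entry lists files/fail2ban-logrotate among the touched files (without a leading `+`, so modified rather than added) but does not say what changed in it; since bug 301139 is specifically about the postrotate command, a short phrase such as "logrotate: use `fail2ban-client set logtarget` instead of `reload` so rotation does not flush the ban chains" would let readers confirm the fix from the ChangeLog alone.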