Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 683360

Summary: net-analyzer/fail2ban-0.10.4 dependency on net-firewall/iptables should be optional on USE flag
Product: Gentoo Linux Reporter: Phil Stracchino (Unix Ronin) <phils>
Component: Current packagesAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: enhancement    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Phil Stracchino (Unix Ronin) 2019-04-14 23:44:50 UTC 
net-analyzer/fail2ban has a hardcoded dependency in the ebuild on iptables or pf:

RDEPEND="
	kernel_linux? ( net-firewall/iptables )
	kernel_FreeBSD? ( sys-freebsd/freebsd-pf )
...


But I want to have it monitor the logs on an internal mailserver, and send remote commands to an edge firewall.  There is absolutely no purpose to me in running iptables on the mailserver.  If I am getting hostile traffic on my mailserver, I don't want to just make the mailserver plug its ears, I want to block that traffic from my entire network.

Could the iptables/freebsd-pf RDEPENDs be made conditional upon a USE flag?  Fail2ban ITSELF has no dependency whatsoever on iptables.  The dependency just forces me to install an additional package I don't need.  By all means default it to ON so as not to trigger any surprises on existing installations, but give us the option to turn it off.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2019-04-14 23:52:55 UTC 

*** This bug has been marked as a duplicate of bug 627872 ***