When the included logrotate script is used, it will purge the chains created by fail2ban from iptables (remove all banned IP addresses).

The line:

/usr/bin/fail2ban-client reload 1>/dev/null || true

should be changed to:

/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true

In the case of fail2ban, reload does more than just reload the config.

Reproducible: Always

Steps to Reproduce:
1. Install fail2ban.
2. Enable some rules.
3. Confirm fail2ban has banned some IPs.
4. Monitor when the log file is rotated by logrotate and watch your banned IPs get removed from iptables.

Actual Results:
All banned IPs get removed when the log file is rotated.

Expected Results:
The log file should get rotated without removing banned IPs from iptables.
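As an added example (not part of the bug report, nor code from the fail2ban project or the Gentoo package), the two logrotate stanzas side by side and a small POSIX shell check that flags a postrotate block still calling `fail2ban-client reload`. The stanza contents, the function names and the example path /etc/logrotate.d/fail2ban are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not from the bug report or the fail2ban/Gentoo sources.
# Two constructed logrotate stanzas for /var/log/fail2ban.log: the one the
# report describes ("reload" restarts the jails and so drops every current
# ban) and the corrected one ("set logtarget" only reopens the log file).

BAD_CONF='/var/log/fail2ban.log {
    missingok
    notifempty
    rotate 7
    compress
    postrotate
        /usr/bin/fail2ban-client reload 1>/dev/null || true
    endscript
}'

GOOD_CONF='/var/log/fail2ban.log {
    missingok
    notifempty
    rotate 7
    compress
    postrotate
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true
    endscript
}'

# Print only the commands between postrotate and endscript of a logrotate
# config read from stdin; the rest of the stanza is irrelevant to the check.
postrotate_cmds() {
    awk '/^[ \t]*postrotate[ \t]*$/ { inblock = 1; next }
         /^[ \t]*endscript[ \t]*$/  { inblock = 0; next }
         inblock { sub(/^[ \t]+/, ""); print }'
}

# Return 1 if any postrotate command runs "fail2ban-client ... reload"
# (with or without a jail name, with or without -s/-c options), else 0.
check_logrotate_conf() {
    if printf '%s\n' "$1" | postrotate_cmds |
       grep -Eq 'fail2ban-client([ \t]+[^ \t]+)*[ \t]+reload([ \t]|$)'; then
        return 1
    fi
    return 0
}

# Same check against an installed file, e.g. /etc/logrotate.d/fail2ban
# (hypothetical path used only for illustration).
check_logrotate_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    check_logrotate_conf "$(cat "$1")"
}

if [ "$#" -gt 0 ]; then
    if check_logrotate_file "$1"; then
        echo "ok: $1 does not reload fail2ban on rotation"
    else
        echo "WARNING: $1 reloads fail2ban on rotation; bans will be flushed"
    fi
fi
```

Run it as `sh check.sh /etc/logrotate.d/fail2ban` to test the installed script. Later fail2ban releases also ship `fail2ban-client flushlogs`, which reopens the log file and is the command meant for logrotate there; `set logtarget` is the equivalent available in 0.8.4.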
I can confirm this problem, and that the proposed fix works.
+*fail2ban-0.8.4-r1 (05 Nov 2010) + + 05 Nov 2010; Markos Chandras <hwoarang@gentoo.org> + +files/fail2ban-0.8.4-hashlib.patch, files/fail2ban-logrotate, + +fail2ban-0.8.4-r1.ebuild, +files/fail2ban-0.8.4-sshd-breakin.patch: + Bugfix revision. Fixes bug 260337,283629,301139,315073,343955. Thanks to + Robert Trace <bugzilla-gentoo@farcaster.org>, Harley Peters + <harley@thepetersclan.com> for the patches. +
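Review bot: the entry adds files/fail2ban-logrotate but never says what changed in it, and it lists five bug numbers without saying which one the logrotate change closes; since the postrotate command is the whole subject of this report, the ChangeLog should state the change explicitly (replacing `/usr/bin/fail2ban-client reload 1>/dev/null || true` with `/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true` so rotation no longer flushes bans) and name the bug it fixes, otherwise the fix cannot be traced from the log to the report.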