Package: fail2ban
Version: 0.8.6-3
Severity: important

Setting ignoreip in jail.conf to something wrong may lead fail2ban to think that ignoreip = 0.0.0.0/0 was set!

Some time ago I set in my jail.conf:

    ignoreip = 127.0.0.1/8,172.16.0.0/12

At that time no comment in the configuration file told me that the IP/subnet list has to be separated by spaces. Today I found out that fail2ban doesn't care about any configured jails - nothing happens when thousands of failed login attempts are made. After a long time of troubleshooting I found out that the only change that needed to be made was this:

    ignoreip = 127.0.0.1/8 172.16.0.0/12

(reading /usr/share/doc/fail2ban/examples/jail.conf.gz gave me the clue, because the comment above the ignoreip line told me to use spaces, not commas)

From what I found out, fail2ban seems to misinterpret the ignoreip line without any worries - and behaves like "ignoreip = 0.0.0.0/0". Turning debugging level 4 on only gives this information:

    2012-11-10 21:26:29,408 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addignoreip', '127.0.0.1/8,172.16.0.0/12']
    2012-11-10 21:26:29,408 fail2ban.filter : DEBUG Add 127.0.0.1/8,172.16.0.0/12 to ignore list

These lines don't give me any hint that something is going wrong here.

I think that behavior is a big surprise for any user. A very small failure leads to a very big security hole - fail2ban silently stops working! (well, it runs but just does absolutely nothing)

I don't know the code, but maybe there is a better way of parsing this line which would lead to a clear error message when starting fail2ban with such a misconfigured line.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
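
A pre-deployment check for the misconfiguration reported above, as an added example that is not part of the original report and is not fail2ban's own code. It splits each ignoreip value on whitespace and rejects any entry that contains a comma or does not parse as an IP address or CIDR network. Assumptions: the function names and the sample configuration are constructed for illustration, and only IP/CIDR entries are expected, so any other token is reported.

```python
import ipaddress
import re

# Constructed sample jail.conf fragment (not taken from a real system).
SAMPLE_JAIL_CONF = """\
[DEFAULT]
ignoreip = 127.0.0.1/8,172.16.0.0/12
bantime  = 600

[ssh]
enabled  = true
ignoreip = 127.0.0.1/8 172.16.0.0/12
"""

# Matches active (non-commented) ignoreip assignments only.
IGNOREIP_RE = re.compile(r"^\s*ignoreip\s*=\s*(.*)$")


def check_entry(token):
    """Return None if token is a usable IP or CIDR, else a problem string."""
    if "," in token:
        return "contains a comma; entries must be separated by spaces"
    try:
        # strict=False accepts set host bits, as in 127.0.0.1/8.
        ipaddress.ip_network(token, strict=False)
    except ValueError as exc:
        # Assumption: only IP/CIDR entries are expected in this check.
        return "not an IP address or CIDR network (%s)" % exc
    return None


def lint_ignoreip(conf_text):
    """Return (line_number, token, problem) for each bad ignoreip entry."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        match = IGNOREIP_RE.match(line)
        if not match:
            continue
        for token in match.group(1).split():
            problem = check_entry(token)
            if problem:
                findings.append((lineno, token, problem))
    return findings


if __name__ == "__main__":
    for lineno, token, problem in lint_ignoreip(SAMPLE_JAIL_CONF):
        print("line %d: %r %s" % (lineno, token, problem))
```

Run against the real jail.conf and jail.local before restarting the service, and treat any finding as a failed check, since the debug log quoted in the report gives no indication that the entry was rejected.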