On Mon, 22 Jan 2018, Ben Coleman wrote: > I ran into this on Ubuntu, and it seems the best way to handle this is > via a systemd override. I created a file > /etc/systemd/system/fail2ban.service.d/override.conf with contents:
> [Unit] > Requires=shorewall.service > After=shorewall.service > This adds shorewall.service to both the Requires and After parameters, > but won't be over-written when fail2ban is upgraded. > I don't think this is something that should be handled in the Debian (or > Ubuntu) repository, as not everyone who uses fail2ban is going to use > Shorewall. The fix needs to be crafted for the particular firewall > package being used. Unless you want to figure out all of the possible > combinations, and make a package for each combination to insert the > appropriate override file, which seems to me to be excessive. > As I run a private reprepro repository for my systems, I made my own > "f2b-shorewall" package, which inserts the above override file and also > inserts my standard fail2ban configuration (including configuring > fail2ban for shorewall) in /etc/fail2ban/jail.d/local.conf, and make my > package depend on fail2ban and shorewall. That way I install > f2b-shorewall, it pulls in fail2ban and shorewall, with initial > configuration of fail2ban done, and configuration of shorewall needing > done. I'm sure I'll be tweaking it when fail2ban 0.10 hits, and I have > to deal with shorewall6 in addition. > What would be helpful would be some documentation in README.Debian about > this issue, suggesting use of the overrride file for filewall packages > where this issue comes up. Hi Ben, thanks hm, a fail2ban-shorewall package might indeed be a viable idea, would depend on shorewall and provide that /etc/systemd/system/fail2ban.service.d/override.conf file for now indeed just adding a READMe.Debian entry Thanks -- Yaroslav O. Halchenko Center for Open Neuroscience http://centerforopenneuroscience.org Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik
