Hi Stephen,

The version in testing/unstable already had the check action changed to

actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>

-n was present there for a while (check the changelog).

This line is superior to checking just the fail2ban-<name> chain because, if
the chain exists -- checking just that one would also allow an absent jump
from INPUT (i.e. fail2ban will not be in effect). Checking just INPUT for the
presence of fail2ban-<name> is thus better. No jump might exist if there is
no chain.

Since it is not a security issue (per se) I am not sure if I will be
able to prove its validity for a security update within etch. Thus I guess
the bug simply should be closed since the issue is not present within
lenny/sid. Please close if you agree.

On Mon, 29 Oct 2007, Stephen Gran wrote:
> Package: fail2ban
> Version: 0.7.5-2
> Severity: minor
> Hi there,
> This is really more of an optimization thing than anything, and is not
> all that important. Currently, fail2ban does
> iptables -L | grep fail2ban-<name>
> There are two issues I have with this, both admittedly minor:
> This causes rdns lookups for all rulesets, which are potentially slow to
> return if you purposefully have entries to drop some invalid addresses
> not in DNS.
> Second, it ignores a feature of iptables: `iptables -L $chain` works
> just fine.
> Combining these two minor complaints, the correct action line would be:
> iptables -nL fail2ban-<name>
> Thanks for considering, and thanks for maintaining this,
> -- System Information:
> Debian Release: 4.0
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-5-xen-amd64
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
> LC_ALL set to en_US.UTF-8)
> Versions of packages fail2ban depends on:
> ii iptables 1.3.6.0debian1-5 administration tools for packet fi
> ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
> ii python 2.4.4-2 An interactive high-level object-o
> ii python-central 0.5.12 register and build utility for Pyt
> ii python2.4 2.4.4-3 An interactive high-level object-o
> fail2ban recommends no packages.
> -- no debconf information
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
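
The checks compared in this thread, run over sample listings, as an added example that is not part of either message or of fail2ban's own code. The `iptables -n -L` listings are constructed, the jail name `ssh` and all function names are assumptions, and the exact-match variant goes beyond what the thread proposes.

```shell
#!/bin/sh
# Constructed `iptables -n -L` listings; jail name "ssh" is an assumption.
HEALTHY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# The chain exists but INPUT has no jump to it: bans would have no effect.
ORPHANED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# A different jail whose name merely starts with "fail2ban-ssh".
LOOKALIKE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh-ddos  tcp  --  0.0.0.0/0       0.0.0.0/0           tcp dpt:22

Chain fail2ban-ssh-ddos (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Print only the rule lines of one chain ($1 = full listing, $2 = chain name).
chain_rules() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "Chain" { inchain = ($2 == c); next }
        inchain && NF && $1 != "target"'
}
# Stand-in for `iptables -nL fail2ban-<name>`: succeeds if the chain exists.
check_chain_only() {
    printf '%s\n' "$1" |
        awk -v c="fail2ban-$2" '$1 == "Chain" && $2 == c { f = 1 } END { exit !f }'
}
# Stand-in for `iptables -n -L INPUT | grep -q fail2ban-<name>`.
check_input_grep() { chain_rules "$1" INPUT | grep -q "fail2ban-$2"; }
# Stricter variant: the target column of an INPUT rule must equal the chain name.
check_input_exact() {
    chain_rules "$1" INPUT | awk -v t="fail2ban-$2" '$1 == t { f = 1 } END { exit !f }'
}
```

On a live system the same comparisons apply to the real `iptables -n -L` output; here the listings are passed in as strings so the result does not depend on the host's firewall state.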