You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 lines
1.9 KiB
43 lines
1.9 KiB
4 years ago
|
From 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91 Mon Sep 17 00:00:00 2001
|
||
|
From: sebres <serg.brester@sebres.de>
|
||
|
Date: Wed, 24 Jun 2020 19:20:36 +0200
|
||
|
Subject: [PATCH] action.d/nftables.conf (type=multiport only): fixed port
|
||
|
range selector (replacing `:` with `-`)
|
||
|
|
||
|
---
|
||
|
config/action.d/nftables.conf | 2 +-
|
||
|
fail2ban/tests/servertestcase.py | 4 ++--
|
||
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf
|
||
|
index c1fb8550f..77cf36615 100644
|
||
|
--- a/config/action.d/nftables.conf
|
||
|
+++ b/config/action.d/nftables.conf
|
||
|
@@ -34,7 +34,7 @@ type = multiport
|
||
|
|
||
|
rule_match-custom =
|
||
|
rule_match-allports = meta l4proto \{ <protocol> \}
|
||
|
-rule_match-multiport = $proto dport \{ <port> \}
|
||
|
+rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
|
||
|
match = <rule_match-<type>>
|
||
|
|
||
|
# Option: rule_stat
|
||
|
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
|
||
|
index b771ab50b..f1b667b12 100644
|
||
|
--- a/fail2ban/tests/servertestcase.py
|
||
|
+++ b/fail2ban/tests/servertestcase.py
|
||
|
@@ -1296,11 +1296,11 @@ def testCheckStockCommandActions(self):
|
||
|
),
|
||
|
'ip4-start': (
|
||
|
r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`",
|
||
|
- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`",
|
||
|
+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`",
|
||
|
),
|
||
|
'ip6-start': (
|
||
|
r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`",
|
||
|
- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
|
||
|
+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
|
||
|
),
|
||
|
'flush': (
|
||
|
"`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ",
|