You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fail2ban/309c8dddd7adc2de140ed5a7208...

43 lines
1.9 KiB

4 years ago
From 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Wed, 24 Jun 2020 19:20:36 +0200
Subject: [PATCH] action.d/nftables.conf (type=multiport only): fixed port
range selector (replacing `:` with `-`)
---
config/action.d/nftables.conf | 2 +-
fail2ban/tests/servertestcase.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf
index c1fb8550f..77cf36615 100644
--- a/config/action.d/nftables.conf
+++ b/config/action.d/nftables.conf
@@ -34,7 +34,7 @@ type = multiport
rule_match-custom =
rule_match-allports = meta l4proto \{ <protocol> \}
-rule_match-multiport = $proto dport \{ <port> \}
+rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
match = <rule_match-<type>>
# Option: rule_stat
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
index b771ab50b..f1b667b12 100644
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@@ -1296,11 +1296,11 @@ def testCheckStockCommandActions(self):
),
'ip4-start': (
r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`",
- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`",
+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`",
),
'ip6-start': (
r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`",
- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
),
'flush': (
"`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ",