rpms
/
fail2ban
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add patch.

Browse Source
i9ce
Richard Shaw 4 years ago
parent 48c7cf6380
commit 12188f8862
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File

42
309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch
Unescape View File

@ -0,0 +1,42 @@
From 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Wed, 24 Jun 2020 19:20:36 +0200
Subject: [PATCH] action.d/nftables.conf (type=multiport only): fixed port
range selector (replacing `:` with `-`)
---
config/action.d/nftables.conf | 2 +-
fail2ban/tests/servertestcase.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf
index c1fb8550f..77cf36615 100644
--- a/config/action.d/nftables.conf
+++ b/config/action.d/nftables.conf
@@ -34,7 +34,7 @@ type = multiport
rule_match-custom =
rule_match-allports = meta l4proto \{ <protocol> \}
-rule_match-multiport = $proto dport \{ <port> \}
+rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
match = <rule_match-<type>>
# Option: rule_stat
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
index b771ab50b..f1b667b12 100644
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@@ -1296,11 +1296,11 @@ def testCheckStockCommandActions(self):
),
'ip4-start': (
r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`",
- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`",
+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`",
),
'ip6-start': (
r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`",
- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
),
'flush': (
"`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ",
Write Preview
Loading…
Cancel
Save