From 12188f88628fe16520e731e943e51e7ff230e5ac Mon Sep 17 00:00:00 2001
From: Richard Shaw <hobbes1069@gmail.com>
Date: Sat, 25 Jul 2020 07:13:14 -0500
Subject: [PATCH] Add patch.

---
 ...8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch

diff --git a/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch b/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch
new file mode 100644
index 0000000..2039459
--- /dev/null
+++ b/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch
@@ -0,0 +1,42 @@
+From 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Wed, 24 Jun 2020 19:20:36 +0200
+Subject: [PATCH] action.d/nftables.conf (type=multiport only): fixed port
+ range selector (replacing `:` with `-`)
+
+---
+ config/action.d/nftables.conf    | 2 +-
+ fail2ban/tests/servertestcase.py | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf
+index c1fb8550f..77cf36615 100644
+--- a/config/action.d/nftables.conf
++++ b/config/action.d/nftables.conf
+@@ -34,7 +34,7 @@ type = multiport
+ 
+ rule_match-custom =
+ rule_match-allports = meta l4proto \{ <protocol> \}
+-rule_match-multiport = $proto dport \{ <port> \}
++rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
+ match = <rule_match-<type>>
+ 
+ # Option:  rule_stat
+diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
+index b771ab50b..f1b667b12 100644
+--- a/fail2ban/tests/servertestcase.py
++++ b/fail2ban/tests/servertestcase.py
+@@ -1296,11 +1296,11 @@ def testCheckStockCommandActions(self):
+ 				),
+ 				'ip4-start': (
+ 					r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`",
+-					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`",
++					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`",
+ 				), 
+ 				'ip6-start': (
+ 					r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`",
+-					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
++					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
+ 				),
+ 				'flush': (
+ 					"`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ",