diff --git a/fail2ban.spec b/fail2ban.spec index 23e1a2e..1f04a9e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -29,15 +29,20 @@ Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605 # https://bugzilla.redhat.com/show_bug.cgi?id=1808347 Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch +# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. +# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 +Patch8: https://github.com/fail2ban/fail2ban/commit/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch + +BuildArch: noarch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify BuildRequires: sqlite -BuildArch: noarch BuildRequires: systemd BuildRequires: selinux-policy-devel + # Default components Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} @@ -45,6 +50,7 @@ Requires: %{name}-server = %{version}-%{release} # Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} + %description Fail2Ban scans log files and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address. These rules can @@ -79,6 +85,7 @@ Requires(preun): systemd Requires(postun): systemd Requires: ipset Requires: iptables + Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) %description server @@ -185,11 +192,6 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . -# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. -# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 -%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 -sed -i "s/port = 0:65535/port = 0-65535/" config/jail.conf -%endif %build