Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added iptables-legacy to installed packages #26

Merged
merged 1 commit into from
Oct 23, 2024
Merged

Added iptables-legacy to installed packages #26

merged 1 commit into from
Oct 23, 2024

Conversation

dustinwilson
Copy link
Contributor

linuxserver.io

  • [x ] I have read the contributing guideline and understand that I have made the correct modifications

Description:

The recent rebase to Alpine 3.19 broke the functionality on hosts which use iptables such as Unraid. This PR also installs the Alpine package iptables-legacy so that users on these systems may still use the container. This PR fixes #25.

Benefits of this PR and context:

The container is unusable on hosts which only have iptables. With this PR it will remain usable.

How Has This Been Tested?

Installed a container on two computers, one which is an Unraid system and another an Arch linux system. The Unraid one uses iptables while the Arch one uses nftables. I configured fail2ban to monitor ssh on each, and an entry was added to the tables for ssh as expected. After multiple test unsuccessful attempts it blocked me afterwards. @danielaranki performed a similar test last week and showed his findings in #25.

The user will need to specify in their jail.local file which backend to use (also pointed out by @danielaranki in #25):

banaction = iptables-multiport[iptables=iptables-legacy]

github-actions[bot]
github-actions bot reviewed May 24, 2024
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for opening this pull request! Be sure to follow the pull request template!

danielaranki
danielaranki approved these changes May 24, 2024
View reviewed changes
Copy link

@danielaranki danielaranki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This provides a resolution to #25.

If this PR gets merged, it is recommended that the documentation in https://github.com/linuxserver/fail2ban-confs be updated to advise users to the availability of both iptables backends and how to choose between them in conf files. I'm happy to open an issue and subsequently a PR there once (and if) this PR gets merged.

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-a4dab79a-dev-7c79365b68862a9114204d7fbd1ec6824b26579b-pr-26/index.html
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-a4dab79a-dev-7c79365b68862a9114204d7fbd1ec6824b26579b-pr-26/shellcheck-result.xml

Tag Passed
amd64-1.0.2-r3-pkg-a4dab79a-dev-7c79365b68862a9114204d7fbd1ec6824b26579b-pr-26
arm64v8-1.0.2-r3-pkg-a4dab79a-dev-7c79365b68862a9114204d7fbd1ec6824b26579b-pr-26

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-70d76770-dev-330801d4feee2895657c0ca41c44af8d194f8495-pr-26/index.html
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-70d76770-dev-330801d4feee2895657c0ca41c44af8d194f8495-pr-26/shellcheck-result.xml

Tag Passed
amd64-1.0.2-r3-pkg-70d76770-dev-330801d4feee2895657c0ca41c44af8d194f8495-pr-26
arm64v8-1.0.2-r3-pkg-70d76770-dev-330801d4feee2895657c0ca41c44af8d194f8495-pr-26

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-07be558e-dev-f090218fe0452ffe14603afba9cff51dbc2dc906-pr-26/index.html
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-07be558e-dev-f090218fe0452ffe14603afba9cff51dbc2dc906-pr-26/shellcheck-result.xml

Tag Passed
amd64-1.0.2-r3-pkg-07be558e-dev-f090218fe0452ffe14603afba9cff51dbc2dc906-pr-26
arm64v8-1.0.2-r3-pkg-07be558e-dev-f090218fe0452ffe14603afba9cff51dbc2dc906-pr-26

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-baee7599-dev-d6bc2ba25e43e2c8c28a9ed7f1069d3c80cfc61a-pr-26/index.html
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-baee7599-dev-d6bc2ba25e43e2c8c28a9ed7f1069d3c80cfc61a-pr-26/shellcheck-result.xml

Tag Passed
amd64-1.0.2-r3-pkg-baee7599-dev-d6bc2ba25e43e2c8c28a9ed7f1069d3c80cfc61a-pr-26
arm64v8-1.0.2-r3-pkg-baee7599-dev-d6bc2ba25e43e2c8c28a9ed7f1069d3c80cfc61a-pr-26

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-56777ab5-dev-d40135ac81953cddac83d8019f7c2e38929257ba-pr-26/index.html
https://ci-tests.linuxserver.io/lspipepr/fail2ban/1.0.2-r3-pkg-56777ab5-dev-d40135ac81953cddac83d8019f7c2e38929257ba-pr-26/shellcheck-result.xml

Tag Passed
amd64-1.0.2-r3-pkg-56777ab5-dev-d40135ac81953cddac83d8019f7c2e38929257ba-pr-26
arm64v8-1.0.2-r3-pkg-56777ab5-dev-d40135ac81953cddac83d8019f7c2e38929257ba-pr-26

@drizuid
Copy link
Member

drizuid commented Oct 12, 2024
edited
Loading

I see no reason to not add this in, we do this in swag for fail2ban also. once #29 is merged, this will need to be updated against that. Apologies for the delays on this, it slipped our notice, but at least you get some hacktoberfest credit for it now :)

@drizuid drizuid requested a review from a team October 12, 2024 13:55
@drizuid drizuid added the work-in-progress Stale exempt label Oct 12, 2024
nemchik
nemchik approved these changes Oct 12, 2024
View reviewed changes
Copy link
Member

@nemchik nemchik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't be an issue to merge this. I don't think it has any effect until the confs are changed. A previous comment mentioned updating the docs in the config repo as well.

@nemchik nemchik merged commit 5d1fb17 into linuxserver:main Oct 23, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@nemchik nemchik nemchik approved these changes

@danielaranki danielaranki danielaranki approved these changes

Assignees
No one assigned
Labels
work-in-progress Stale exempt
Projects
Issue & PR Tracker
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] fail2ban stopped working a while ago without me knowing
5 participants
@dustinwilson @LinuxServer-CI @drizuid @nemchik @danielaranki