Am 19.03.2014 20:14, schrieb Jonathan Underwood: > On 19 March 2014 15:10, Orion Poplawski <or...@cora.nwra.com> wrote: >> See https://bugzilla.redhat.com/show_bug.cgi?id=1046816 >> You are going to need fail2ban-0.9-2 - f20 build is here >> http://koji.fedoraproject.org/koji/taskinfo?taskID=6651548. More testing >> would be much appreciated. > > On a default F20 install with that package I had to do the following > to get a minimal ssh jail up and running (this is info for those > following along, not Orion who no doubt knows this)... > > In /etc/fail2ban/jail.d/ajil.local > > [DEFAULT] > bantime = 3600 > banaction = firewallcmd-ipset > backend = systemd > > [sshd] > enabled = true > > So, it seems to me that at the very least we should set backend = > systemd in the Fedora, else it's not going to work out of the box (or, > more ugly, require rsyslog). > > As to the original question I'd favour enabling the firewalld support > in Fedora by default. Anyone disabling (or chosing not to install) > firewalld and installing fail2ban should know enough to configure > things appropriately
but with not take care of it you would end in having firewalld as mandatory dependency which is the main point of that thread - there are still way too much circular dependencies making it hard to strip down a setup
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
