On 19 March 2014 19:16, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: > Am 19.03.2014 20:14, schrieb Jonathan Underwood: >> On 19 March 2014 15:10, Orion Poplawski <orion@xxxxxxxxxxxxx> wrote: >>> See https://bugzilla.redhat.com/show_bug.cgi?id=1046816 >>> You are going to need fail2ban-0.9-2 - f20 build is here http://koji.fedoraproject.org/koji/taskinfo?taskID=6651548. More testing would be much appreciated. >> >> On a default F20 install with that package I had to do the following >> to get a minimal ssh jail up and running (this is info for those >> following along, not Orion who no doubt knows this)... >> >> In /etc/fail2ban/jail.d/ajil.local >> >> [DEFAULT] >> bantime = 3600 >> banaction = firewallcmd-ipset >> backend = systemd >> >> [sshd] >> enabled = true >> >> So, it seems to me that at the very least we should set backend = >> systemd in the Fedora, else it's not going to work out of the box (or, >> more ugly, require rsyslog). >> >> As to the original question I'd favour enabling the firewalld support >> in Fedora by default. Anyone disabling (or chosing not to install) >> firewalld and installing fail2ban should know enough to configure >> things appropriately > > but with not take care of it you would end in having firewalld as mandatory > dependency which is the main point of that thread - there are still way > too much circular dependencies making it hard to strip down a setup I didn't advocate having fail2ban having a hard Requires for firewalld, nor anything else creating a "circular dependence". I was simply advocating having a configuration file that would work for the most common case. Cheers, Jonathan. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
