Skip to content

Update F2B wrapper to show possible errors with IPTables#2170

Merged
georglauterbach merged 5 commits intomasterfrom
fail2ban-iptables-fix
Sep 6, 2021
Merged

Update F2B wrapper to show possible errors with IPTables#2170
georglauterbach merged 5 commits intomasterfrom
fail2ban-iptables-fix

Conversation

@georglauterbach
Copy link
Copy Markdown
Member

@georglauterbach georglauterbach commented Sep 4, 2021
edited
Loading

Description

The fail2ban wrapper would show No IPs have been banned even when IPTables did not work. This is now shown and the script aborts.

Partly helps with #2169

Type of change

  • Improvement (non-breaking change that does improve existing functionality)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@georglauterbach georglauterbach added pr/needs review area/scripts service/security/fail2ban kind/improvement Improve an existing feature, configuration file or the documentation labels Sep 4, 2021
@georglauterbach georglauterbach added this to the v10.1.3 milestone Sep 4, 2021
@georglauterbach georglauterbach requested a review from a team September 4, 2021 11:00
@georglauterbach georglauterbach self-assigned this Sep 4, 2021
casperklein
casperklein requested changes Sep 4, 2021
View reviewed changes
Comment thread target/bin/fail2ban Outdated
@georglauterbach
Copy link
Copy Markdown
Member Author

georglauterbach commented Sep 4, 2021

Same as #2160, CI fails unexpectedly....

@polarathene
Copy link
Copy Markdown
Member

polarathene commented Sep 5, 2021

CI fails unexpectedly

One of the failing tests is same from #2160 (comment)

not ok 209 wait_for_empty_mail_queue_in_container fails when timeout reached
# (from function `repeat_until_success_or_timeout' in file test/test_helper/common.bash, line 27,
#  from function `repeat_in_container_until_success_or_timeout' in file test/test_helper/common.bash, line 70,
#  from function `wait_for_empty_mail_queue_in_container' in file test/test_helper/common.bash, line 192,
#  in test file test/test_helper.bats, line 225)
#   `! TEST_TIMEOUT_IN_SECONDS=0 wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"' failed
# 220 mail.my-domain.com ESMTP
# 250 mail.my-domain.com
# 250 2.1.0 Ok
# 250 2.1.5 Ok
# 354 End data with <CR><LF>.<CR><LF>
# 250 2.0.0 Ok: queued as 85D552F9B0D
# 221 2.0.0 Bye
# efcc772b8339f557c6a12df6038067bac80dcb2fa967904538726d680a946bf4
not ok 210 wait_for_empty_mail_queue_in_container succeeds within timeout
# (in test file test/test_helper.bats, line 250)
#   `[[ ${SECONDS} -gt 0 ]]' failed
# 220 mail.my-domain.com ESMTP
# 250 mail.my-domain.com
# 250 2.1.0 Ok
# 250 2.1.5 Ok
# 354 End data with <CR><LF>.<CR><LF>
# 250 2.0.0 Ok: queued as 8541D2F9B0C
# 221 2.0.0 Bye
# 68b8920e0d61114b05cb90e9b274fb0615f9925b6bec7c8b46cd5c20c2930ae2

This one is different however checking user login: predefined user can login:

not ok 303 checking user login: predefined user can login
# (from function `assert_output' in file test/test_helper/bats-assert/src/assert.bash, line 239,
#  in test file test/tests.bats, line 935)
#   `assert_output "passdb: [email protected] auth succeeded"' failed
# 
# -- output differs --
# expected : passdb: [email protected] auth succeeded
# actual   : passdb: [email protected] auth failed
# --
#

Is that likely F2B related?

polarathene
polarathene requested changes Sep 5, 2021
View reviewed changes
Comment thread target/bin/fail2ban Outdated
Comment thread target/bin/fail2ban Outdated
Comment thread target/bin/fail2ban Outdated
@georglauterbach
Copy link
Copy Markdown
Member Author

georglauterbach commented Sep 5, 2021

We'll see what tests do now. I don't see a connection between the second test and Fail2Ban, and even if there were, we did not change the F2B configuration to begin with :)

@georglauterbach georglauterbach merged commit 317f3e4 into master Sep 6, 2021
@georglauterbach georglauterbach deleted the fail2ban-iptables-fix branch September 6, 2021 09:39
@georglauterbach georglauterbach modified the milestones: v10.1.3, v10.2.0 Sep 6, 2021
@polarathene polarathene mentioned this pull request Sep 9, 2021
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@casperklein casperklein casperklein approved these changes

@polarathene polarathene polarathene approved these changes

Assignees

@georglauterbach georglauterbach

Labels

area/scripts kind/improvement Improve an existing feature, configuration file or the documentation service/security/fail2ban

Projects

None yet

Milestone

v10.2.0

Development

Successfully merging this pull request may close these issues.

3 participants

@georglauterbach @polarathene @casperklein