author | sebres <serg.brester@sebres.de> | 2020-09-29 12:35:49 +0200 |
---|---|---|
committer | sebres <serg.brester@sebres.de> | 2020-09-29 12:35:49 +0200 |
commit | 1418bcdf5bb01dd210f4d37b5c2de8ccd0c658e4 (patch) | |
tree | 246467a4dda0534f67b5de076ea3443c7c5369f2 | |
parent | 24093de32daa05af5f178639095ac7106d55b544 (diff) | |
download | fail2ban-1418bcdf5bb01dd210f4d37b5c2de8ccd0c658e4.tar.gz |
`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | config/action.d/bsd-ipfw.conf | 5 |
2 files changed, 5 insertions, 1 deletions
@@ -52,6 +52,7 @@ ver. 0.10.6-dev (20??/??/??) - development edition with `jq`, gh-2140, gh-2656) * `action.d/nftables.conf` (type=multiport only): fixed port range selector, replacing `:` with `-` (gh-2763) * `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-` (gh-2821) +* `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num` (gh-2836) * `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (inside the filter-config, gh-2650) * `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh-2697) diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf index 5116b0d8..7f04fe7c 100644 --- a/config/action.d/bsd-ipfw.conf +++ b/config/action.d/bsd-ipfw.conf @@ -14,7 +14,10 @@ # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # -actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num <blocktype> <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" ) +actionstart = ipfw show | fgrep -c -m 1 -s 'table(<table>)' > /dev/null 2>&1 || ( + num=$(ipfw show | awk 'BEGIN { b = <lowest_rule_num> } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) print e <br> else print b }'); + ipfw -q add "$num" <blocktype> <block> from table\(<table>\) to me <port>; echo "$num" > "<startstatefile>" + ) # Option: actionstop |
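Review bot: The ChangeLog entry in the first hunk leaves out the cause that the commit subject states (an exit code can't be larger than 255), so a reader of the ChangeLog cannot tell which setups were affected. Suggest appending the reason to the entry, for example "(rule number was passed via exit code, which can't be larger than 255)", before the `(gh-2836)` reference.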
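Review bot: In the new `actionstart` of `bsd-ipfw.conf`, the commands after the `num=$(...)` assignment are joined with `;`, so `echo "$num" > "<startstatefile>"` runs even when `ipfw -q add "$num" ...` failed, and `$num` is never checked for being non-empty if the awk substitution produced no output. Suggest guarding and chaining the steps, e.g. `[ -n "$num" ] && ipfw -q add "$num" ... && echo "$num" > "<startstatefile>"`, so the state file only records a rule number that was actually added. The awk script also increments `b = $1 + 1` with no upper bound; a check that the printed number is still a valid ipfw rule number would turn a full rule list into an explicit failure instead of a rejected `add`.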