From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 222997] security/py-fail2ban upgrade to 0.10.0 will break pf rules on system
Date: Sat, 14 Oct 2017 08:54:20 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222997

Bug ID: 222997
Summary: security/py-fail2ban upgrade to 0.10.0 will break pf rules on system
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: idefix@fechner.net
CC: theis@gmx.at
Flags: maintainer-feedback?(theis@gmx.at)

Upgrading to the new version 0.10.0 causes fail2ban to remove all existing pf rules.
While starting fail2ban I can see some error messages in the fail2ban log file:

2017-10-14 10:48:38,302 fail2ban.server [95430]: INFO    --------------------------------------------------
2017-10-14 10:48:38,303 fail2ban.server [95430]: INFO Starting Fail2ban v0.10.0
2017-10-14 10:48:38,303 fail2ban.server [95430]: INFO Daemon started
2017-10-14 10:48:38,433 fail2ban.database [95430]: INFO Connected to fail2ban persistent database '/var/db/fail2ban/fail2ban.sqlite3'
2017-10-14 10:48:38,457 fail2ban.jail [95430]: INFO Creating new jail 'pure-ftpd'
2017-10-14 10:48:38,476 fail2ban.jail [95430]: INFO Jail 'pure-ftpd' uses poller {}
2017-10-14 10:48:38,476 fail2ban.jail [95430]: INFO Initiated 'polling' backend
2017-10-14 10:48:38,503 fail2ban.server [95430]: INFO Jail pure-ftpd is not a JournalFilter instance
2017-10-14 10:48:38,504 fail2ban.filter [95430]: INFO Added logfile: '/var/log/xferlog' (pos = 33943, hash = c0fde45278c4bda31a75b73a4ed13092)
2017-10-14 10:48:38,505 fail2ban.filter [95430]: INFO maxRetry: 3
2017-10-14 10:48:38,508 fail2ban.filter [95430]: INFO encoding: US-ASCII
2017-10-14 10:48:38,509 fail2ban.actions [95430]: INFO banTime: 21600
2017-10-14 10:48:38,510 fail2ban.filter [95430]: INFO findtime: 259200
2017-10-14 10:48:38,514 fail2ban.jail [95430]: INFO Creating new jail 'postfix'
2017-10-14 10:48:38,516 fail2ban.jail [95430]: INFO Jail 'postfix' uses poller {}
2017-10-14 10:48:38,516 fail2ban.jail [95430]: INFO Initiated 'polling' backend
2017-10-14 10:48:38,549 fail2ban.server [95430]: INFO Jail postfix is not a JournalFilter instance
2017-10-14 10:48:38,550 fail2ban.filter [95430]: INFO Added logfile: '/var/log/maillog' (pos = 8010576, hash = 19ee1e8548b2c189396190b75a3ce0b6)
2017-10-14 10:48:38,551 fail2ban.filter [95430]: INFO maxRetry: 3
2017-10-14 10:48:38,554 fail2ban.filter [95430]: INFO encoding: US-ASCII
2017-10-14 10:48:38,555 fail2ban.actions [95430]: INFO banTime: 21600
2017-10-14 10:48:38,556 fail2ban.filter [95430]: INFO findtime: 259200
2017-10-14 10:48:38,559 fail2ban.jail [95430]: INFO Creating new jail 'dovecot'
2017-10-14 10:48:38,561 fail2ban.jail [95430]: INFO Jail 'dovecot' uses poller {}
2017-10-14 10:48:38,561 fail2ban.jail [95430]: INFO Initiated 'polling' backend
2017-10-14 10:48:38,598 fail2ban.server [95430]: INFO Jail dovecot is not a JournalFilter instance
2017-10-14 10:48:38,599 fail2ban.filter [95430]: INFO Added logfile: '/var/log/maillog' (pos = 8010576, hash = 19ee1e8548b2c189396190b75a3ce0b6)
2017-10-14 10:48:38,600 fail2ban.filter [95430]: INFO maxRetry: 3
2017-10-14 10:48:38,603 fail2ban.filter [95430]: INFO encoding: US-ASCII
2017-10-14 10:48:38,604 fail2ban.actions [95430]: INFO banTime: 21600
2017-10-14 10:48:38,605 fail2ban.filter [95430]: INFO findtime: 259200
2017-10-14 10:48:38,608 fail2ban.jail [95430]: INFO Creating new jail 'sieve'
2017-10-14 10:48:38,610 fail2ban.jail [95430]: INFO Jail 'sieve' uses poller {}
2017-10-14 10:48:38,610 fail2ban.jail [95430]: INFO Initiated 'polling' backend
2017-10-14 10:48:38,621 fail2ban.filter [95430]: INFO Added logfile: '/var/log/maillog' (pos = 8010576, hash = 19ee1e8548b2c189396190b75a3ce0b6)
2017-10-14 10:48:38,622 fail2ban.filter [95430]: INFO maxRetry: 3
2017-10-14 10:48:38,624 fail2ban.filter [95430]: INFO encoding: US-ASCII
2017-10-14 10:48:38,625 fail2ban.actions [95430]: INFO banTime: 21600
2017-10-14 10:48:38,626 fail2ban.filter [95430]: INFO findtime: 259200
2017-10-14 10:48:38,630 fail2ban.jail [95430]: INFO Creating new jail 'ssh'
2017-10-14 10:48:38,631 fail2ban.jail [95430]: INFO Jail 'ssh' uses poller {}
2017-10-14 10:48:38,632 fail2ban.jail [95430]: INFO Initiated 'polling' backend
2017-10-14 10:48:38,689 fail2ban.filter [95430]: INFO Added logfile: '/var/log/auth.log' (pos = 77792, hash = 55771e37d99c2e7695c6a7b5fcb2e2d9)
2017-10-14 10:48:38,689 fail2ban.filter [95430]: INFO maxRetry: 3
2017-10-14 10:48:38,692 fail2ban.filter [95430]: INFO encoding: US-ASCII
2017-10-14 10:48:38,693 fail2ban.actions [95430]: INFO banTime: 21600
2017-10-14 10:48:38,694 fail2ban.filter [95430]: INFO findtime: 259200
2017-10-14 10:48:38,703 fail2ban.jail [95430]: INFO Jail 'pure-ftpd' started
2017-10-14 10:48:38,708 fail2ban.jail [95430]: INFO Jail 'postfix' started
2017-10-14 10:48:38,710 fail2ban.jail [95430]: INFO Jail 'dovecot' started
2017-10-14 10:48:38,713 fail2ban.jail [95430]: INFO Jail 'sieve' started
2017-10-14 10:48:38,723 fail2ban.jail [95430]: INFO Jail 'ssh' started
2017-10-14 10:48:38,734 fail2ban.utils [95430]: Level 39 801b75cf0 -- exec: echo "table persist counters" | pfctl -f-
echo "block proto tcp from to any port ftp,ftp-data,ftps,ftps-data" | pfctl -f-
2017-10-14 10:48:38,735 fail2ban.utils [95430]: ERROR 801b75cf0 -- stderr: 'stdin:1: syntax error'
2017-10-14 10:48:38,735 fail2ban.utils [95430]: ERROR 801b75cf0 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-14 10:48:38,735 fail2ban.utils [95430]: ERROR 801b75cf0 -- returned 1
2017-10-14 10:48:38,736 fail2ban.actions [95430]: ERROR Failed to start jail 'pure-ftpd' action 'pf': Error starting action Jail('pure-ftpd')/pf
2017-10-14 10:48:38,762 fail2ban.utils [95430]: Level 39 801b58e90 -- exec: echo "table persist counters" | pfctl -f-
echo "block proto tcp from to any port smtp,465,submission" | pfctl -f-
2017-10-14 10:48:38,763 fail2ban.utils [95430]: ERROR 801b58e90 -- stderr: 'stdin:1: syntax error'
2017-10-14 10:48:38,763 fail2ban.utils [95430]: ERROR 801b58e90 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-14 10:48:38,763 fail2ban.utils [95430]: ERROR 801b58e90 -- returned 1
2017-10-14 10:48:38,764 fail2ban.actions [95430]: ERROR Failed to start jail 'postfix' action 'pf': Error starting action Jail('postfix')/pf
2017-10-14 10:48:38,791 fail2ban.utils [95430]: Level 39 80577c6b0 -- exec: echo "table persist counters" | pfctl -f-
echo "block proto tcp from to any port pop3,pop3s,imap,imaps,submission,465,sieve" | pfctl -f-
2017-10-14 10:48:38,791 fail2ban.utils [95430]: ERROR 80577c6b0 -- stderr: 'stdin:1: syntax error'
2017-10-14 10:48:38,792 fail2ban.utils [95430]: ERROR 80577c6b0 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-14 10:48:38,792 fail2ban.utils [95430]: ERROR 80577c6b0 -- returned 1
2017-10-14 10:48:38,793 fail2ban.actions [95430]: ERROR Failed to start jail 'dovecot' action 'pf': Error starting action Jail('dovecot')/pf
2017-10-14 10:48:38,820 fail2ban.utils [95430]: Level 39 806588030 -- exec: echo "table persist counters" | pfctl -f-
echo "block proto tcp from to any port smtp,465,submission" | pfctl -f-
2017-10-14 10:48:38,820 fail2ban.utils [95430]: ERROR 806588030 -- stderr: 'stdin:1: syntax error'
2017-10-14 10:48:38,821 fail2ban.utils [95430]: ERROR 806588030 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-14 10:48:38,821 fail2ban.utils [95430]: ERROR 806588030 -- returned 1
2017-10-14 10:48:38,822 fail2ban.actions [95430]: ERROR Failed to start jail 'sieve' action 'pf': Error starting action Jail('sieve')/pf
2017-10-14 10:48:38,849 fail2ban.actions [95430]: NOTICE [ssh] Restore Ban 103.28.121.86
2017-10-14 10:48:38,878 fail2ban.actions [95430]: NOTICE [ssh] Restore Ban 179.99.236.29
2017-10-14 10:48:38,907 fail2ban.actions [95430]: NOTICE [ssh] Restore Ban 182.18.153.206
2017-10-14 10:48:38,936 fail2ban.actions [95430]: NOTICE [ssh] Restore Ban 37.49.225.93
2017-10-14 10:48:55,226 fail2ban.filter [95430]: INFO [postfix] Found 180.76.248.34 - 2017-10-14 10:48:55
2017-10-14 10:52:18,914 fail2ban.filter [95430]: INFO [ssh] Found 112.133.225.115 - 2017-10-14 10:52:18
2017-10-14 10:53:07,365 fail2ban.actions [95430]: NOTICE [ssh] Unban 103.28.121.86

After this all rules from the firewall are gone and I have to manually reload the firewall again with:

service pf reload
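
Added example, not part of the original report and not fail2ban's own code: in the log above each jail is first reported as started and only afterwards does its 'pf' action fail, so a check that pairs those entries finds jails that still detect but cannot ban. The Python below assumes the log layout quoted in the report; the sample log, jail name, table name and exec id are constructed.

```python
import re

# Constructed sample in the report's log layout; jail, table name and exec id are made up.
SAMPLE_LOG = """\
2017-10-14 10:48:38,703 fail2ban.jail [95430]: INFO Jail 'demo-ftp' started
2017-10-14 10:48:38,734 fail2ban.utils [95430]: Level 39 8000000a0 -- exec: echo "table <demo> persist counters" | pfctl -f-
echo "block proto tcp from <demo> to any port ftp" | pfctl -f-
2017-10-14 10:48:38,735 fail2ban.utils [95430]: ERROR 8000000a0 -- stderr: 'stdin:1: syntax error'
2017-10-14 10:48:38,735 fail2ban.utils [95430]: ERROR 8000000a0 -- stderr: 'pfctl: Syntax error in config file: pf rules not loaded'
2017-10-14 10:48:38,735 fail2ban.utils [95430]: ERROR 8000000a0 -- returned 1
2017-10-14 10:48:38,736 fail2ban.actions [95430]: ERROR Failed to start jail 'demo-ftp' action 'pf': Error starting action Jail('demo-ftp')/pf
"""

ENTRY = re.compile(r"^\d{4}-\d\d-\d\d [\d:,]+ fail2ban\.\w+\s+\[\d+\]:\s+(?:Level \d+|[A-Z]+)\s+(.*)$")
EXEC = re.compile(r"^(\w+) -- (exec|stderr|returned):? (.*)$")
STARTED = re.compile(r"^Jail '([^']+)' started$")
FAILED = re.compile(r"^Failed to start jail '([^']+)' action '([^']+)'")

def unenforced_jails(log_text):
    """Return one record per jail whose ban action failed to start."""
    runs, last_id, cont, started, findings = {}, None, None, set(), []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            if cont and line.strip():  # untimestamped continuation of an exec command
                runs[cont]["cmd"] += "\n" + line.strip()
            continue
        msg, cont = m.group(1), None
        if e := EXEC.match(msg):
            run_id, kind, rest = e.groups()
            run = runs.setdefault(run_id, {"cmd": "", "stderr": [], "rc": None})
            if kind == "exec":
                run["cmd"], last_id, cont = rest, run_id, run_id
            elif kind == "stderr":
                run["stderr"].append(rest.strip("'"))
            else:
                run["rc"] = int(rest)
        elif s := STARTED.match(msg):
            started.add(s.group(1))
        elif f := FAILED.match(msg):
            run = runs.get(last_id, {"cmd": "", "stderr": [], "rc": None})
            findings.append({
                "jail": f.group(1), "action": f.group(2),
                "rc": run["rc"], "stderr": run["stderr"],
                "reported_started": f.group(1) in started,
                # -f makes pfctl load a ruleset from a file (here stdin)
                "loads_ruleset": "pfctl -f" in run["cmd"],
            })
    return findings
```

Call `unenforced_jails()` on the text of the fail2ban log after an upgrade or restart; a record with `reported_started` set to true is a jail whose "started" line alone would have looked healthy.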